top of page
perceptive_background_267k.jpg

North Korea-linked Actors Exploit React2Shell to Deploy New EtherRAT Malware

Published:

9 December 2025 at 18:25:00

Alert date:

9 December 2025 at 20:01:36

Source:

thehackernews.com

Click to open the original link from this advisory

North Korea-linked threat actors are exploiting the React2Shell vulnerability in React Server Components to deploy EtherRAT malware. EtherRAT is a new remote access trojan that uses Ethereum smart contracts for command-and-control communications and implements five different Linux persistence mechanisms. This represents active exploitation of a critical security flaw by state-sponsored actors.

Technical details

Mitigation steps:

Affected products:

React Server Components

Related links:

https://thehackernews.com/2025/12/north-korea-linked-actors-exploit.html

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page