
The incident underscores the growing risk of state‑backed supply‑chain attacks on critical security vendors, prompting tighter government oversight and faster patch adoption across sectors.
The CVE‑2024‑7694 flaw, discovered in TeamT5's ThreatSonar platform, illustrates how a seemingly routine privilege‑escalation bug can become a strategic weapon when left unpatched. Although the vendor issued a fix in August 2024, threat actors exploited the window of exposure before customers applied it to embed malicious payloads, achieving arbitrary command execution on compromised servers. CISA's rapid addition of the vulnerability to its KEV catalog signals heightened vigilance toward supply‑chain risks, especially for software that underpins government and enterprise defenses.
TeamT5's investigation traced the exploitation to two Chinese APT groups, designated Slime57 and Slime62, which orchestrated a sophisticated campaign using hundreds of compromised Taiwanese IP addresses to mask their origin. The attackers focused on a select set of high‑value clients in a coordinated, targeted operation; identifying and weaponizing the vulnerability would have required significant resources. By promptly notifying affected customers and facilitating comprehensive patching, TeamT5 mitigated further spread, but the episode highlights the persistent threat posed by nation‑state actors seeking footholds in trusted security solutions.
For policymakers and security leaders, the incident reinforces the necessity of proactive vulnerability management and continuous monitoring of third‑party software. The CISA deadline compels federal agencies to prioritize remediation, while private firms must adopt zero‑trust architectures and threat‑intelligence sharing to detect anomalous activity early. As supply‑chain attacks become more prevalent, organizations should invest in robust incident‑response capabilities and regularly audit vendor security postures to reduce exposure to similar exploits.