ShadowSyndicate Hackers Abuse Aiohttp Python Vulnerability To Find Targets

The ransomware group 'ShadowSyndicate' targeted servers vulnerable to CVE-2024-23334, a directory traversal flaw in the aiohttp Python library. Aiohttp, crucial for handling concurrent HTTP requests, is widely used by tech firms, web developers, and data scientists. Version 3.9.2, released on January 28, 2024, addressed the vulnerability, impacting all versions prior to 3.9.1, allowing remote attackers to access files on vulnerable servers. Following this, a PoC exploit was shared on GitHub on February 27, 2024, alongside a step-by-step exploitation guide uploaded to YouTube in early March. Read more...