We examine the evolution of the PipeMagic backdoor and the TTPs of its operators from the RansomExx incident in 2022 to attacks in Brazil and Saudi Arabia, and the exploitation of CVE-2025-29824 in 2025.
We examine the evolution of the PipeMagic backdoor and the TTPs of its operators from the RansomExx incident in 2022 to attacks in Brazil and Saudi Arabia, and the exploitation of CVE-2025-29824 in 2025.