Active exploitation of such flaws has escalated particularly since early 2020, with the deployment of a targeted implant against Chinese attacker-controlled devices revealing the use of a clandestine remote code execution exploit, Sophos researchers reported. “Whereas previous exploits required chaining with privilege escalation techniques manipulating database values (a risky and noisy operation, which aided detection), this exploit left minimal traces and provided direct access to root,”
Source: SC Magazine