The “You Dun” hacking group exploited vulnerable Zhiyuan OA software using SQL injection, leveraging tools like WebLogicScan, Vulmap, and Xray for reconnaissance. They further escalated privileges on compromised hosts with tools like traitor and CDK. Active Cobalt Strike server leaked, revealing its use in various cyberattacks, including ransomware deployment (LockBit 3) and data theft.
Source: GBHackers