Wednesday, May 7, 2025
HomeCyber Security NewsHackers Seize Control of 3,000 Companies Through Critical Vulnerabilities

Hackers Seize Control of 3,000 Companies Through Critical Vulnerabilities

Published on

SIEM as a Service

Follow Us on Google News

In a groundbreaking cybersecurity investigation, researchers identified several critical vulnerabilities in a target system, eventually gaining control over 3,000 subsidiary companies managed by a parent organization.

The exploration leveraged flaws in API configurations, bypassed key security protocols, and exposed sensitive employee and customer data.

This research spanned three weeks and demonstrated the persistent risks of inadequate access controls in modern, API-driven infrastructures.

- Advertisement - Google News

The research team discovered these exploits while conducting tests on an organization’s APIs.

During their assessments, they identified unusual responses when submitting certain requests, which hinted at potential backend API access via path traversal.

Explaination of Frontend And Backend Paths.
Explaination of Frontend And Backend Paths.

The researchers attempted to use the traversal method but encountered a Web Application Firewall (WAF) blocking the requests.

However, through further analysis of JavaScript (JS) files, they located a production domain that bypassed the WAF’s restrictions, opening the door for deeper exploration.

Are you from SOC/DFIR Teams? - Analyse Malware Files & Links with ANY.RUN Sandox -> Try for Free

Backend Exposure

The researchers conducted extensive fuzzing, eventually uncovering an application.wadl endpoint linked to microservices responsible for the company’s payment system.

This endpoint mapped frontend API paths to internal backend microservices.

The team exploited this to extract sensitive operational data, including employee Personally Identifiable Information (PII), fingerprints, and customer invoices via mobile numbers.

These findings underscored a failure in backend request validation, allowing unauthorized access to confidential documents.

The investigation then led to an administrative superpanel managing all 3,000 subsidiary companies.

Initially, access to this panel required valid authentication credentials.

Employing username enumeration and custom wordlist-based brute-forcing, the researchers successfully bypassed the login, gaining administrative control.

Internal superadmin login page
Internal superadmin login page

This enabled them to modify national IDs, passwords, and other sensitive data across the company’s entire ecosystem.

Bypassing KYC Verification for Telecom Number Takeover

In a parallel attack on the company’s telecom operations, the researchers found methods to bypass Know Your Customer (KYC) checks.

Originally, backend requests for number transfers returned a “417 Expectation Failed” error.

However, by directly interacting with the backend API, they bypassed these checks and transferred customer phone numbers with fraudulent credentials, exposing subscribers to account takeover and identity theft.

One of the critical exploits relied on discrepancies in how the organization’s APIs handled authentication and authorization.

While the Frontend API blocked unauthorized requests, the Backend API interpreted malformed path traversal requests differently, bypassing authentication.

This revealed a fundamental weakness in request normalization and path sanitization practices.

This case illustrates the severe consequences of overlooking backend API security.

The researchers reported the vulnerabilities, and while the organization addressed certain issues, the scope of the discovered risks demanded a comprehensive overhaul of security practices.

Key recommendations include implementing uniform request validation across frontend and backend systems, enforcing WAF protections in all environments, and periodically auditing API endpoints for misconfigurations.

This extensive exploit chain highlights how minor misconfigurations, when methodically exploited, can snowball into catastrophic breaches, affecting thousands of users and stakeholders.

Cybersecurity professionals must treat API protection as a cornerstone of modern security strategies.

Integrating Application Security into Your CI/CD Workflows Using Jenkins & Jira -> Free Webinar

Aman Mishra
Aman Mishra
Aman Mishra is a Security and privacy Reporter covering various data breach, cyber crime, malware, & vulnerability.

Latest articles

Agenda Ransomware Group Enhances Tactics with SmokeLoader and NETXLOADER

The Agenda ransomware group, also known as Qilin, has been reported to intensify its...

SpyCloud Analysis Reveals 94% of Fortune 50 Companies Have Employee Data Exposed in Phishing Attacks

SpyCloud, the leading identity threat protection company, today released an analysis of nearly 6...

PoC Tool Released to Detect Servers Affected by Critical Apache Parquet Vulnerability

F5 Labs has released a new proof-of-concept (PoC) tool designed to help organizations detect...

Healthcare Sector Becomes a Major Target for Cyber Attacks in 2025

The healthcare sector has emerged as a prime target for cyber attackers, driven by...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Agenda Ransomware Group Enhances Tactics with SmokeLoader and NETXLOADER

The Agenda ransomware group, also known as Qilin, has been reported to intensify its...

PoC Tool Released to Detect Servers Affected by Critical Apache Parquet Vulnerability

F5 Labs has released a new proof-of-concept (PoC) tool designed to help organizations detect...

Healthcare Sector Becomes a Major Target for Cyber Attacks in 2025

The healthcare sector has emerged as a prime target for cyber attackers, driven by...