The Reveal Platform
Intel Name: Bronze butler exploits japanese asset management software vulnerability
Date of Scan: October 31, 2025
Impact: High
Summary: In mid-2025, researchers identified a sophisticated BRONZE BUTLER campaign that leveraged a zero-day vulnerability in Motex LANSCOPE Endpoint Manager to exfiltrate sensitive data. The Chinese state-sponsored BRONZE BUTLER group—also known as Tick—has been active since 2010 and previously exploited a zero-day flaw in the Japanese asset management software SKYSEA Client View in 2016. On October 22, 2025, JPCERT/CC issued an advisory regarding the LANSCOPE vulnerability. Investigators confirmed that the threat actors achieved initial access by exploiting CVE-2025-61932, a flaw enabling remote attackers to execute arbitrary commands with SYSTEM privileges. While CTU analysis indicates that few internet-facing devices are affected, attackers could still exploit vulnerable systems within compromised networks to escalate privileges and move laterally.
