AMI BMC Vulnerability Fuels Wild Exploitation; Iranian APT35 Targets Israeli Tech Professionals
June 26, 2025 – A critical vulnerability in American Megatrends Inc. (AMI) Baseboard Management Controller (BMC) firmware is being actively exploited in the wild, according to a warning issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA). Simultaneously, cybersecurity firm Check Point reported a targeted phishing campaign by the Iranian advanced persistent threat (APT) group APT35, aimed specifically at Israeli technology experts. These two events represent significant developments in the ongoing landscape of enterprise cybersecurity threats.
CISA Issues Urgent Warning on AMI BMC Vulnerability (CVE-2024-54085)
The core of today’s cybersecurity news revolves around the widespread exploitation of a critical vulnerability within AMI BMC firmware. Identified as CVE-2024-54085, the flaw represents a complete authentication bypass within Redfish management interfaces. Redfish is a standardized management interface for IT devices, and vulnerabilities within this interface pose a broad risk across a diverse range of hardware.
According to CISA’s alert, the vulnerability has a maximum Common Vulnerability Scoring System (CVSS) score of 10.0, indicating the highest possible severity. This means the flaw is considered completely exploitable and presents an immediate and significant risk to organizations. Affected vendors include major manufacturers such as HPE, Asus, ASRock, and Lenovo. The vulnerability allows attackers to gain full control over affected machines. This control extends to deploying malware, modifying firmware, and potentially causing hardware damage.
The vulnerability was initially identified and a patch was released in March 2025. However, despite the availability of the fix, CISA has added the vulnerability to its Known Exploited Vulnerabilities catalog. This addition triggers specific requirements for federal agencies, mandating that they patch all affected systems by July 17, 2025.
CISA estimates that over 1,000 internet-exposed systems remain vulnerable. Crucially, the agency has confirmed active exploitation in the wild, indicating that attackers are currently leveraging this vulnerability to compromise systems. This real-world exploitation underscores the urgency of patching and highlights the potential for widespread damage if the vulnerability remains unaddressed. The agency’s action reflects a shift in focus from simply identifying vulnerabilities to actively mitigating their impact through mandated remediation. Further details regarding the specific methods of exploitation are currently being investigated by CISA and partner cybersecurity firms.
Iranian APT35 Launches Targeted Phishing Campaign Against Israeli Tech Professionals
Adding to the day’s cybersecurity concerns, Check Point, a leading cybersecurity firm, reported a sophisticated phishing campaign orchestrated by the Iranian advanced persistent threat (APT) group APT35. This campaign is directly linked to the ongoing Iran-Israel conflict and represents a targeted effort aimed at gathering intelligence and potentially disrupting operations within Israel’s technology sector.
Check Point’s investigation revealed that APT35 is specifically targeting Israeli technology experts. The phishing emails used highly convincing lures, mimicking communications from legitimate sources. While the precise details of the emails remain under investigation, Check Point’s intelligence suggests that the attackers are attempting to gain access to sensitive information related to cybersecurity research, defense technology, and potentially critical infrastructure.
“The targeting of Israeli technology experts aligns with established patterns observed with APT35,” stated a Check Point spokesperson in a press release. “This campaign demonstrates the group’s continued operational focus on leveraging geopolitical tensions to achieve strategic objectives.”
Check Point’s analysis indicates that the phishing campaign is part of a broader intelligence-gathering operation. The collected data is likely being used to assess vulnerabilities in Israeli defenses and potentially to develop targeted attacks against key personnel and organizations. The firm is working closely with Israeli cybersecurity agencies to provide real-time intelligence and support to affected organizations. The investigation is ongoing, and Check Point anticipates further developments in the coming days.
Impact and Response
The combination of the AMI BMC vulnerability exploitation and the APT35 phishing campaign presents a layered threat landscape for organizations worldwide. The AMI vulnerability highlights the persistent challenge of patching legacy systems and the potential for attackers to exploit readily available vulnerabilities. The APT35 campaign underscores the evolving tactics of state-sponsored actors and their willingness to target specific individuals and industries within regions of geopolitical conflict.
Organizations are urged to immediately review their Redfish management interfaces, identify affected devices, and deploy the latest patches released by AMI and their respective hardware vendors. Furthermore, heightened vigilance is recommended, particularly for organizations operating in or with connections to Israel. Increased awareness of phishing tactics and robust security training for employees are crucial to mitigating the risk of falling victim to APT35’s campaign. Collaboration between government agencies, cybersecurity firms, and the private sector will be vital in addressing these evolving threats.
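An added example (not from the article, CISA, AMI or any vendor) of the inventory review recommended above: it triages BMC records by the `FirmwareVersion` value reported in the Redfish Manager resource against an operator-supplied fixed-version baseline and the July 17, 2025 deadline. The vendor names, version numbers, hosts, addresses and the management network range are constructed placeholders.

```python
import ipaddress
import re
from datetime import date

KEV_DUE = date(2025, 7, 17)   # federal remediation deadline given in the article
MGMT_NET = ipaddress.ip_network("10.20.0.0/16")   # assumed isolated BMC network

# PLACEHOLDER first-fixed versions; take real values from each vendor's advisory.
FIXED = {"VendorA": (2, 5, 0), "VendorB": (1, 12, 3)}

# Constructed inventory; FirmwareVersion is the Redfish Manager resource property.
INVENTORY = [
    {"host": "bmc-01", "addr": "10.20.1.15", "vendor": "VendorA", "FirmwareVersion": "2.4.9"},
    {"host": "bmc-02", "addr": "192.0.2.10", "vendor": "VendorA", "FirmwareVersion": "2.3.0"},
    {"host": "bmc-03", "addr": "10.20.1.17", "vendor": "VendorB", "FirmwareVersion": "1.12.3"},
    {"host": "bmc-04", "addr": "10.20.1.18", "vendor": "VendorB", "FirmwareVersion": "n/a"},
]

def parse_version(text):
    """Return a tuple of ints for dotted versions, or None if unparseable."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+)*)", text.strip())
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def triage(rec, today):
    """Classify one BMC: patch state, exposure outside MGMT_NET, deadline status."""
    have = parse_version(rec["FirmwareVersion"])
    need = FIXED.get(rec["vendor"])
    if have is None or need is None:
        state = "unknown"          # cannot prove it is patched: treat as open
    else:
        state = "patched" if have >= need else "vulnerable"
    exposed = ipaddress.ip_address(rec["addr"]) not in MGMT_NET
    overdue = state != "patched" and today > KEV_DUE
    # Unpatched and reachable outside the BMC network is the most urgent case.
    priority = "none" if state == "patched" else ("P0" if exposed else "P1")
    return {"host": rec["host"], "state": state, "exposed": exposed,
            "overdue": overdue, "priority": priority}

def report(today):
    """Triage the whole inventory, most urgent first."""
    rows = [triage(r, today) for r in INVENTORY]
    return sorted(rows, key=lambda r: (r["priority"] == "none", r["priority"]))

if __name__ == "__main__":
    for row in report(date(2025, 6, 26)):
        print(row)
```

Records whose firmware string cannot be parsed are reported as `unknown` and prioritized like unpatched systems, so a BMC is never counted as fixed without evidence.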
Summary of Developments (June 26, 2025)
Today’s cybersecurity news was dominated by two key events. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a critical warning regarding the active exploitation of the CVE-2024-54085 vulnerability in American Megatrends Inc. (AMI) Baseboard Management Controller (BMC) firmware, mandating patching by federal agencies by July 17, 2025. Simultaneously, cybersecurity firm Check Point reported a targeted phishing campaign launched by Iranian APT35, specifically aimed at Israeli technology experts. These events highlight the ongoing challenges of patching legacy systems and the evolving tactics of state-sponsored cyber threats.
Disclaimer: This blog post was automatically generated using AI technology based on news summaries. The information provided is for general informational purposes only and should not be considered as professional advice or an official statement. Facts and events mentioned have not been independently verified. Readers should conduct their own research before making any decisions based on this content. We do not guarantee the accuracy, completeness, or reliability of the information presented.