Exposed Server Unveils AI-Driven Credential Harvesting Operation with 13,000 Files
An exposed server on the internet has provided forensic investigators with a rare glimpse into an active criminal operation. This server contained extensive data, including code, logs, victim information, Telegram alert streams, and transcripts that reveal how an operator utilized AI tools like Claude Code and OpenClaw to construct, debug, and enhance an automated credential harvesting system.
The findings were published in a detailed report following the discovery of the exposed host. This platform, referred to as the “Bissa scanner,” integrated the React2Shell vulnerability with an AI-assisted operational pipeline. This pipeline automated various processes, including target scanning, compromise scoring, credential extraction, victim triage, and alert notifications via Telegram, creating a streamlined workflow for the attackers.
The Vulnerability at the Center – React2Shell
The core of this operation is tied to CVE-2025-55182, known as React2Shell, which has a CVSS score of 10.0. This unauthenticated remote code execution vulnerability affects React Server Components in versions 19.0 through 19.2.0, as well as the Next.js framework that employs them. First disclosed on December 3, 2025, this vulnerability allows attackers to execute arbitrary code on the server through a single crafted HTTP POST request, exploiting insecure deserialization in the RSC Flight protocol without requiring authentication.
Shortly after its disclosure, the Cybersecurity and Infrastructure Security Agency (CISA) added React2Shell to its Known Exploited Vulnerabilities catalog. Security firms such as Google GTIG, Microsoft, Wiz, and Cisco Talos reported widespread exploitation by both state-sponsored and financially motivated threat actors within days of the vulnerability becoming public.
The Bissa scanner operation is a distinct campaign leveraging this vulnerability, characterized not merely by the exploit itself but by the operational sophistication surrounding it.
13,000 Files and a Running Operation
The exposed server housed over 13,000 files across more than 150 directories, encompassing exploitation techniques, victim data staging, credential harvesting, access validation, and operator workflow management. The report emphasized that this infrastructure was not a passive data repository but an active operational framework designed to acquire access at scale and maximize the value derived from that access.
Artifacts from the server indicated that React2Shell was integral to a workflow capable of scanning millions of internet-facing targets. Logs revealed over 900 confirmed successful compromises, a statistic that underscores both the gravity of the underlying vulnerability and the advanced scanning pipeline established to exploit it effectively.
AI Tools as Criminal Workflow Assistants
A notable aspect of this operation is the integration of AI coding assistants into the attack workflow. Transcripts recovered from the server indicated that the operator utilized Claude Code—Anthropic’s command-line AI coding tool—and OpenClaw to navigate the scanner codebase, troubleshoot operational failures, orchestrate workflows, and refine the collection pipeline over time.
These AI tools served as a support mechanism for exploitation activities and workflow orchestration. This AI-assisted approach enabled the Bissa scanner to function as a modular platform that facilitated a structured process: exploiting targets, reviewing results, validating access, and prioritizing high-value victim environments.
Every Tier of Modern SaaS Became a Credential Harvesting Opportunity
Credential harvesting was the primary revenue mechanism for this operation. The tens of thousands of .env files—environment configuration files used by web applications to store API keys, database credentials, and service tokens—yielded credentials across various layers of modern cloud infrastructure.
AI service providers represented the largest category of credentials harvested, with keys obtained from companies such as Anthropic, Google, OpenAI, Mistral, OpenRouter, Groq, Replicate, DeepSeek, and HuggingFace. Additionally, credentials from cloud providers like AWS, Azure, Google Cloud, Cloudflare, and DigitalOcean were compromised.
The operation also captured keys from payment platforms, including Stripe, PayPal, Shopify, and Square, as well as database credentials from Supabase and MongoDB. Identity and authentication secrets from Auth0, Okta, and Clerk were also found, along with GitHub tokens, Slack integration keys, Twilio and SendGrid messaging credentials, Fireblocks crypto custody API keys, and Plaid banking integration tokens.
This extensive credential inventory highlights a significant structural vulnerability in modern cloud-native applications. Developers frequently store production secrets in .env files that are deployed with the code, creating a single-file jackpot for any attacker who gains code execution on a web server.
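The structural problem above, and the secrets-scanning step the closing recommendations ask for in CI/CD, can be demonstrated with a small pre-deploy check. The following scanner is an added example and is not code from the article or from the report it summarizes. It parses a `.env` file, matches documented public key prefixes (AWS access key IDs starting with `AKIA`, Stripe live secret keys with `sk_live_`, Anthropic keys with `sk-ant-`, GitHub personal access tokens with `ghp_`), and falls back to a Shannon-entropy test for long random-looking values under sensitive-looking variable names. The sample `.env` content is constructed; every value in it is fake, and the variable names and thresholds are assumptions.

```python
"""Scan .env-style files for secrets before they ship with application code.

Added example (not code from the article or the report it summarizes).
Two checks a CI secrets-scanning gate typically combines:
  1. documented public credential prefixes (AKIA, sk_live_, sk-ant-, ghp_), and
  2. a Shannon-entropy test for long random-looking values whose variable
     name suggests a secret (KEY, SECRET, TOKEN, PASSWORD, CREDENTIAL).
The sample .env content at the bottom is constructed; all values are fake.
"""
import math
import re
import sys

# Documented public prefixes; the label names on the left are assumptions.
KNOWN_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "stripe_live_secret": re.compile(r"\bsk_live_[0-9A-Za-z]{16,}\b"),
    "anthropic_api_key": re.compile(r"\bsk-ant-[0-9A-Za-z_-]{20,}\b"),
    "github_pat": re.compile(r"\bghp_[0-9A-Za-z]{36}\b"),
}
ENTROPY_THRESHOLD = 3.5    # bits/char; assumed cut-off for base64/hex-like tokens
MIN_SECRET_LENGTH = 20     # assumed; short values like "changeme" are not flagged here
SENSITIVE_NAME = re.compile(r"(KEY|SECRET|TOKEN|PASSWORD|PASS|CREDENTIAL)", re.I)


def shannon_entropy(value):
    """Bits of entropy per character of the string (0.0 for empty input)."""
    if not value:
        return 0.0
    counts = {}
    for ch in value:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_env(text):
    """Yield (lineno, name, value) from .env text, skipping comments and blanks."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        if line.startswith("export "):
            line = line[len("export "):]
        name, value = line.split("=", 1)
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]                 # quoted value: keep as-is
        else:
            value = value.split(" #", 1)[0].strip()  # unquoted: drop inline comment
        entries.append((lineno, name.strip(), value))
    return entries


def classify(name, value):
    """Return a finding label for a variable, or None if it looks benign."""
    for label, pattern in KNOWN_PATTERNS.items():
        if pattern.search(value):
            return label
    if (SENSITIVE_NAME.search(name)
            and len(value) >= MIN_SECRET_LENGTH
            and shannon_entropy(value) >= ENTROPY_THRESHOLD):
        return "high_entropy"
    return None


def scan_env(text):
    """Return one finding per secret-looking variable; previews are truncated so CI logs never echo the full value."""
    findings = []
    for lineno, name, value in parse_env(text):
        label = classify(name, value)
        if label:
            findings.append({"line": lineno, "name": name, "kind": label,
                             "preview": value[:6] + "..."})
    return findings


# Constructed sample .env; every value is fake.
SAMPLE_ENV = """\
# constructed sample .env (all values are fake)
APP_ENV=production
PORT=3000
NEXT_PUBLIC_API_URL=https://api.example.invalid
SESSION_SECRET=changeme
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
STRIPE_SECRET_KEY="sk_live_EXAMPLE0000000000000000"
export ANTHROPIC_API_KEY=sk-ant-api03-EXAMPLEKEYEXAMPLEKEYEXAMPLE
GITHUB_TOKEN=ghp_0123456789abcdefghijklmnopqrstuvwxyz  # deploy bot
DATABASE_PASSWORD=x7Gq9zP2mL4vB8nR1tW5yK3
"""

if __name__ == "__main__":
    # CI gate: non-zero exit blocks the build when a .env would ship with secrets.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_ENV
    hits = scan_env(text)
    for h in hits:
        print(f"line {h['line']}: {h['name']} ({h['kind']}) {h['preview']}")
    sys.exit(1 if hits else 0)
```

Run it as `python scan_env.py path/to/.env` in the pipeline; the entropy threshold and the sensitive-name list are the knobs to tune against your own false-positive rate, and the prefix table is the part to extend as new providers appear.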
The Operator Triaged What It Found
Beyond the sheer volume of credentials, The DFIR Report revealed that the Bissa scanner operation was selective in its post-compromise activities. Artifacts indicated that the operator triaged victim access, validated stolen data, and focused further collection efforts on organizations that met specific value criteria, particularly in the financial, cryptocurrency, and retail sectors.
Three distinct victim clusters on the server exemplify this selectivity. One victim was a mid-sized tax resolution and financial advisory firm, with staged datasets containing Plaid tokens, linked bank account data, IRS transcripts, ACH-related records, Twilio call data, Salesforce contacts, and case files with Social Security numbers and dates of birth.
Another victim was a large digital asset, payments, and enterprise finance company, with compromised data reflecting authenticated Oracle Fusion REST export activities tied to supplier, invoice, purchase order, and bank account records.
A third victim, a mid-sized payroll, HR, and stablecoin payments platform, had payroll, settlement, Fireblocks integration, and HR information system data staged on the same server. In the latter two cases, the initial access path could not be confirmed as originating from the React2Shell scanner.
One Person, Two Bots, a Telegram Channel
The Bissa scanner’s operational scripts included a hardcoded Telegram bot token linked to @bissapwned_bot, with all exploit confirmation alerts directed to a private chat channel. The sole human participant in this channel is identified as @BonJoviGoesHard, with the display name “Dr. Tube.”
Each bot message provided a structured alert for every confirmed CVE-2025-55182 hit, summarizing the victim’s identity, runtime context, privilege level, cloud posture, and recoverable secrets into a concise triage record. This setup allowed the operator to manage hundreds of exploitation events directly from a mobile device.
The operator appears to maintain at least two dedicated bots: @bissapwned_bot for scanner alerts and @bissa_scan_bot within the AI control subsystem. This consistent branding extends to other tools labeled bissascanner, bissa_bench, and bissapromax.
Research from Cisco Talos, Microsoft, and Google aligns on immediate priorities: patching CVE-2025-55182 across all Next.js and React Server Components deployments, rotating all API keys, database credentials, and .env secrets as a precaution, auditing application logs for suspicious POST requests, restricting access to cloud metadata service endpoints, and implementing secrets scanning across CI/CD pipelines to eliminate .env files as a persistent attack surface.
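The "audit application logs for suspicious POST requests" item above is the one defenders can start on before patching is complete. The script below is an added example, not code from the article or from the report it summarizes, and it is not a signature for CVE-2025-55182: the article describes the exploit only as a single crafted POST, and this script never inspects request bodies. Instead it surfaces two generic traces a mass-scanning pipeline of the kind described leaves in web server logs: bursts of POST requests from one source in a short window, and POST requests to routes that are not known POST endpoints. The allowlist of legitimate POST routes is an assumption the caller supplies from the application's routing; the log lines are constructed in Common Log Format using documentation IP ranges.

```python
"""Triage web server access logs for suspicious POST traffic.

Added example (not code from the article or the report it summarizes).
Flags two generic patterns, neither of which is a vulnerability signature:
  1. bursts of POST requests from a single source within a sliding window, and
  2. POST requests to paths that are not in the application's known POST routes
     (the allowlist is an assumption supplied by the caller).
Sample log lines are constructed; IPs come from documentation ranges.
"""
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Common Log Format: ip ident user [ts] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one CLF line into a dict; return None when it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["status"] = int(rec["status"])
    return rec


def audit_posts(lines, known_post_routes, burst_threshold=5,
                window=timedelta(seconds=60)):
    """Return POST bursts per source IP, POSTs to unexpected routes, and the unparsed line count."""
    records, unparsed = [], 0
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed += 1          # keep count: scanners also produce malformed requests
        else:
            records.append(rec)

    posts_by_ip = defaultdict(list)
    unexpected = []
    for rec in records:
        if rec["method"] != "POST":
            continue
        posts_by_ip[rec["ip"]].append(rec)
        if rec["path"] not in known_post_routes:
            unexpected.append({"ip": rec["ip"], "path": rec["path"],
                               "status": rec["status"], "ts": rec["ts"].isoformat()})

    bursts = []
    for ip, posts in posts_by_ip.items():
        posts.sort(key=lambda r: r["ts"])
        start, peak = 0, 0
        for end in range(len(posts)):            # sliding window over sorted timestamps
            while posts[end]["ts"] - posts[start]["ts"] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= burst_threshold:
            bursts.append({"ip": ip, "count": peak,
                           "window_seconds": int(window.total_seconds()),
                           "paths": sorted({p["path"] for p in posts})})
    return {"post_bursts": bursts, "unexpected_post_routes": unexpected,
            "unparsed": unparsed}


# Constructed sample: one normal user, one source POSTing across many pages
# in a few seconds, one lone POST to a page that should only be fetched.
SAMPLE_LOG = """\
10.0.0.5 - - [09/Dec/2025:10:15:00 +0000] "GET / HTTP/1.1" 200 5120
10.0.0.5 - - [09/Dec/2025:10:15:04 +0000] "POST /api/login HTTP/1.1" 200 312
10.0.0.5 - - [09/Dec/2025:10:15:05 +0000] "GET /dashboard HTTP/1.1" 200 8801
203.0.113.9 - - [09/Dec/2025:10:20:00 +0000] "POST / HTTP/1.1" 500 0
203.0.113.9 - - [09/Dec/2025:10:20:02 +0000] "POST /about HTTP/1.1" 500 0
203.0.113.9 - - [09/Dec/2025:10:20:03 +0000] "POST /pricing HTTP/1.1" 200 77
203.0.113.9 - - [09/Dec/2025:10:20:05 +0000] "POST /blog HTTP/1.1" 500 0
203.0.113.9 - - [09/Dec/2025:10:20:06 +0000] "POST /contact HTTP/1.1" 500 0
198.51.100.7 - - [09/Dec/2025:11:02:10 +0000] "POST /dashboard HTTP/1.1" 200 8801
garbage line that does not parse
"""

if __name__ == "__main__":
    # Assumed allowlist: in a real deployment derive it from the app's route table.
    report = audit_posts(SAMPLE_LOG.splitlines(), known_post_routes={"/api/login"})
    print(json.dumps(report, indent=2))
```

Both signals are coarse by design: a burst of POSTs against pages that only ever render content, from a source that never loaded them first, is worth a look regardless of which vulnerability is being sprayed, and the unexpected-route list is what to join against the patch status of each host.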
Source: thecyberexpress.com