Security News > 2024 > August > Hackers Exploit PHP Vulnerability to Deploy Stealthy Msupedge Backdoor
A previously undocumented backdoor named Msupedge has been put to use against a cyber attack targeting an unnamed university in Taiwan.
"The most notable feature of this backdoor is that it communicates with a command-and-control server via DNS traffic," the Symantec Threat Hunter Team, part of Broadcom, said in a report shared with The Hacker News.
The origins of the backdoor are presently unknown as are the objectives behind the attack.
The backdoor in question is a dynamic-link library that's installed in the paths "Csidl drive fixedxampp" and "Csidl systemwbem." One of the DLLs, wuplog.
The most notable aspect of Msupedge is its reliance on DNS tunneling for communication with the C&C server, with code based on the open-source dnscat2 tool.
The commands supported by Msupedge are listed below -.
News URL
https://thehackernews.com/2024/08/hackers-exploit-php-vulnerability-to.html
Related news
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- Hackers Exploit Severe PHP Flaw to Deploy Quasar RAT and XMRig Miners (source)
- Hackers exploit critical unpatched flaw in Zyxel CPE devices (source)
- Unpatched PHP Voyager Flaws Leave Servers Open to One-Click RCE Exploits (source)
- Hackers exploit SimpleHelp RMM flaws to deploy Sliver malware (source)
- CISA Warns of Active Exploits Targeting Trimble Cityworks Vulnerability (source)
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)
- XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells (source)
- Hackers Exploit Google Tag Manager to Deploy Credit Card Skimmers on Magento Stores (source)
- SonicWall firewall exploit lets hackers hijack VPN sessions, patch now (source)