Hackers Exploit PHP Vulnerability to Deploy Stealthy Msupedge Backdoor

A previously undocumented backdoor named Msupedge has been put to use in a cyber attack targeting an unnamed university in Taiwan.
"The most notable feature of this backdoor is that it communicates with a command-and-control server via DNS traffic," the Symantec Threat Hunter Team, part of Broadcom, said in a report shared with The Hacker News.
The origins of the backdoor are presently unknown as are the objectives behind the attack.
The backdoor in question is a dynamic-link library that's installed in the paths "Csidl drive fixedxampp" and "Csidl systemwbem." One of the DLLs, wuplog.
The most notable aspect of Msupedge is its reliance on DNS tunneling for communication with the C&C server, with code based on the open-source dnscat2 tool.
The commands supported by Msupedge are listed below -.
News URL
https://thehackernews.com/2024/08/hackers-exploit-php-vulnerability-to.html