Security News > 2024 > August > Hackers Exploit PHP Vulnerability to Deploy Stealthy Msupedge Backdoor
A previously undocumented backdoor named Msupedge has been put to use against a cyber attack targeting an unnamed university in Taiwan.
"The most notable feature of this backdoor is that it communicates with a command-and-control server via DNS traffic," the Symantec Threat Hunter Team, part of Broadcom, said in a report shared with The Hacker News.
The origins of the backdoor are presently unknown as are the objectives behind the attack.
The backdoor in question is a dynamic-link library that's installed in the paths "Csidl drive fixedxampp" and "Csidl systemwbem." One of the DLLs, wuplog.
The most notable aspect of Msupedge is its reliance on DNS tunneling for communication with the C&C server, with code based on the open-source dnscat2 tool.
The commands supported by Msupedge are listed below -.
News URL
https://thehackernews.com/2024/08/hackers-exploit-php-vulnerability-to.html
Related news
- Hackers use PHP exploit to backdoor Windows systems with new malware (source)
- Volt Typhoon Hackers Exploit Zero-Day Vulnerability in Versa Director Servers Used by MSPs, ISPs (source)
- PHP Vulnerability Exploited to Spread Malware and Launch DDoS Attacks (source)
- Hackers use PoC exploits in attacks 22 minutes after release (source)
- Iranian Hackers Deploy New BugSleep Backdoor in Middle East Cyber Attacks (source)
- Chinese hackers deploy new Macma macOS backdoor version (source)
- New Windows Backdoor BITSLOTH Exploits BITS for Stealthy Communication (source)
- Hackers Exploit Misconfigured Jupyter Notebooks with Repurposed Minecraft DDoS Tool (source)
- North Korean hackers exploit VPN update flaw to install malware (source)
- Blind Eagle Hackers Exploit Spear-Phishing to Deploy RATs in Latin America (source)