Hackers Exploit PHP Vulnerability to Deploy Stealthy Msupedge Backdoor (Security News, August 2024)

A previously undocumented backdoor named Msupedge has been used in a cyber attack targeting an unnamed university in Taiwan.
"The most notable feature of this backdoor is that it communicates with a command-and-control server via DNS traffic," the Symantec Threat Hunter Team, part of Broadcom, said in a report shared with The Hacker News.
The origins of the backdoor are presently unknown, as are the objectives behind the attack.
The backdoor in question is a dynamic-link library (DLL) that's installed in the paths "csidl_drive_fixed\xampp\" and "csidl_system\wbem\". One of the DLLs, wuplog.
The most notable aspect of Msupedge is its reliance on DNS tunneling for communication with the C&C server, with code based on the open-source dnscat2 tool.
The commands supported by Msupedge are listed below.
News URL
https://thehackernews.com/2024/08/hackers-exploit-php-vulnerability-to.html