New Backdoor Targeting Taiwan Employs Stealthy Communications
Essential information
- Published
- 20/08/2024 15:46
- Modified
- 20/08/2024 16:25
- Tags
- 2024-08-20 CVE-2024-4577 backdoor.msupedge
- Related entities
- 1 vulnerabilities (cve), 3 observables, 4 techniques (mitre), 1 malware, 1 others
Description
A previously undiscovered backdoor malware, Backdoor.Msupedge, has been deployed in an attack against a university in Taiwan. This backdoor utilizes an atypical technique, communicating with a command-and-control server through DNS traffic. It receives commands by resolving structured host names, and the resolved IP address itself serves as a command. The backdoor supports various commands, including process creation, file download, and sleep mode. The initial intrusion vector was likely the exploitation of a recently patched vulnerability in PHP, CVE-2024-4577, which allows remote code execution. While multiple threat actors have been scanning for vulnerable systems, the motive behind this specific attack remains unknown.