Vulnerability Exploited: Hackers are exploiting a critical PHP flaw (CVE-2024-4577, CVSS score: 9.8) to deploy the Msupedge backdoor.
Target: An unnamed university in Taiwan.
Backdoor Details:
- Msupedge communicates with a command-and-control server using DNS tunneling.
- Uses the open-source dnscat2 tool for its DNS-based communication.
DLL Installation: Installed as DLLs in specific system paths; one of them (wuplog.dll) is launched by the Apache HTTP server.
Command Handling:
- Commands are derived from the third octet of a resolved IP address.
- Examples of commands include process creation, file downloading, and temporary file manipulation.
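As an added illustration (not code from the original report), the Python sketch below applies two defender-side heuristics to constructed resolver log lines: it flags names whose A-record answers vary only in the third octet, the encoding channel described above, and zones receiving repeated queries whose leading label is long hex data, as dnscat2-style tunnelling produces. The log format, thresholds and sample entries are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample resolver log (not real telemetry); assumed format: "<ts> <client> <qname> <qtype> <answer>"
SAMPLE_LOG = """\
2024-08-20T10:00:01Z 10.0.0.5 cdn.example.com A 203.0.113.10
2024-08-20T10:00:31Z 10.0.0.5 cdn.example.com A 203.0.113.10
2024-08-20T10:01:01Z 10.0.0.5 sync.example.net A 198.51.100.1
2024-08-20T10:01:31Z 10.0.0.5 sync.example.net A 198.51.7.1
2024-08-20T10:02:01Z 10.0.0.5 sync.example.net A 198.51.42.1
2024-08-20T10:02:31Z 10.0.0.5 9f3a1c7e2b4d6e8f0a1b.t.example.net TXT -
2024-08-20T10:02:41Z 10.0.0.5 c0ffee1234abcd5678ef.t.example.net TXT -
"""
HEX_LABEL = re.compile(r"^[0-9a-f]{16,}$")  # assumed threshold for "data-looking" labels

def parse_log(text):
    """Return a list of (client, qname, qtype, answer) tuples."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5:
            rows.append((parts[1], parts[2], parts[3], parts[4]))
    return rows

def third_octet_signalling(rows, min_distinct=3):
    """Names whose A answers differ only in the third octet across repeated queries."""
    answers = defaultdict(set)
    for _client, qname, qtype, ans in rows:
        if qtype == "A" and re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", ans):
            answers[qname].add(tuple(int(o) for o in ans.split(".")))
    flagged = []
    for qname, ips in answers.items():
        if len(ips) < min_distinct:
            continue
        # Octets 1, 2 and 4 are constant across all answers; only octet 3 varies.
        fixed = {(a, b, d) for a, b, c, d in ips}
        if len(fixed) == 1:
            flagged.append(qname)
    return sorted(flagged)

def hex_label_tunnelling(rows, min_hits=2):
    """Zones that repeatedly receive queries whose leading label is long hex data."""
    counts = defaultdict(int)
    for _client, qname, _qtype, _ans in rows:
        label, _, zone = qname.partition(".")
        if HEX_LABEL.match(label):
            counts[zone] += 1
    return sorted(z for z, n in counts.items() if n >= min_hits)
```

Both functions return the flagged names so the result can feed an alert rather than just a printout.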
Related Threats:
- The UTG-Q-010 threat group is linked to a phishing campaign using cryptocurrency and job-related lures.
- The campaign distributes Pupy RAT, an open-source remote access Trojan.