August 21, 2024 at 03:32PM
A new backdoor named Msupedge is found attacking victims in Taiwan, employing a unique communication method. Symantec researchers uncovered this malware while investigating an attack on a Taiwan university. The backdoor communicates with its command-and-control server via DNS traffic, a less common technique. It is believed to have exploited a PHP vulnerability for initial intrusion.
Key takeaways from the report:
– A new backdoor named Msupedge has been discovered targeting victims in Taiwan using a unique communications technique via DNS traffic.
– Symantec researchers detected the backdoor in an attack on a Taiwan university and noted its communication with the command-and-control (C2) server using DNS traffic, which is an infrequently seen technique.
– The backdoor is in the form of a dynamic link library (DLL) installed in specific file paths.
– It waits for commands via DNS traffic and uses the resolved IP address of the C2 server as an initial command.
– The initial intrusion may have occurred through the exploitation of a recently patched PHP vulnerability known as CVE-2024-4577, which can lead to remote code execution.
– Multiple threat actors have been discovered scanning for vulnerable systems, but the motive behind the Msupedge attack remains unknown.
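The report's point about DNS-based C2 is that it is rarely inspected. As an added example (not code from Symantec or the report, and not a description of Msupedge's actual traffic), the following Python applies common DNS-tunnelling heuristics, long high-entropy leftmost labels and many unique subdomains under one base domain, to constructed resolver log lines; the log format, the thresholds and the domain names are all assumptions.

```python
import math
from collections import defaultdict

# Constructed sample resolver log (not real traffic).
# Assumed format per line: "<timestamp> <client_ip> <qtype> <qname>"
SAMPLE_LOG = """\
2024-08-21T15:00:01 10.0.0.12 A www.example.edu
2024-08-21T15:00:02 10.0.0.12 A mail.example.edu
2024-08-21T15:00:03 10.0.0.44 A 6a7f3c9e1b2d4f08a3c5e7.updates.example-cdn.test
2024-08-21T15:00:03 10.0.0.44 A 9d2e4c1a7b5f0e3d8a6c2b.updates.example-cdn.test
2024-08-21T15:00:04 10.0.0.44 A c3b8a1f6e2d9047b5a1e8f.updates.example-cdn.test
2024-08-21T15:00:04 10.0.0.44 A 0f1e2d3c4b5a69788a9b0c.updates.example-cdn.test
2024-08-21T15:00:05 10.0.0.12 A cdn.example.edu
"""


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; encoded payloads score near log2(alphabet size)."""
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def base_domain(qname: str, levels: int = 2) -> str:
    """Crude registrable-domain cut (assumption: last two labels; use a PSL in production)."""
    return ".".join(qname.rstrip(".").split(".")[-levels:])


def analyze(log_text: str, min_label_len: int = 16, min_entropy: float = 3.5,
            min_unique: int = 3) -> dict:
    """Return base domains whose leftmost labels look like encoded data.

    A domain is reported when at least `min_unique` distinct query names under it
    have a leftmost label that is both long and high-entropy (thresholds are assumed).
    """
    suspicious_names = defaultdict(set)
    clients = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than crash on them
        _ts, client, _qtype, qname = parts
        leftmost = qname.rstrip(".").split(".")[0]
        if len(leftmost) >= min_label_len and shannon_entropy(leftmost) >= min_entropy:
            bd = base_domain(qname)
            suspicious_names[bd].add(qname)
            clients[bd].add(client)
    return {bd: {"queries": len(names), "clients": sorted(clients[bd])}
            for bd, names in suspicious_names.items() if len(names) >= min_unique}
```

In the sample, only `example-cdn.test` is reported (four unique 22-character hex labels from one client); the short labels under `example.edu` never trip the length check.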