New Backdoor Targeting Taiwan Employs Stealthy Communications

Tags

External References

• https://symantec-enterprise-blogs.security.com/
• https://otx.alienvault.com/

Description

A previously undiscovered backdoor malware, Backdoor.Msupedge, has been deployed in an attack against a university in Taiwan. This backdoor utilizes an atypical technique, communicating with a command-and-control server through DNS traffic. It receives commands by resolving structured host names, and the resolved IP address itself serves as a command. The backdoor supports various commands, including process creation, file download, and sleep mode. The initial intrusion vector was likely the exploitation of a recently patched vulnerability in PHP, CVE-2024-4577, which allows remote code execution. While multiple threat actors have been scanning for vulnerable systems, the motive behind this specific attack remains unknown.

Date