Hackers Exploit PHP Vulnerability to Deploy Stealthy Msupedge Backdoor

siteadmin August 20, 2024

A new, undisclosed backdoor called Msupedge has been used in a cyber attack on a Taiwanese university. The Symantec Threat Hunter Team reports that the backdoor communicates with a command-and-control (C&C) server via DNS traffic. It may have been deployed via a critical flaw in PHP (CVE-2024-4577) that allows remote code execution. It is unknown who is behind the backdoor or the attack. Msupedge communicates via DNS tunneling and executes commands through name resolution.

Source: thehackernews.com