Taiwan University Under Fire From Unique DLL Backdoor

Published: 23/11/2024   Category: security



It's unclear who the Msupedge threat actors were or what the motive for the attack was.



A never-before-seen backdoor, dubbed Msupedge, is targeting victims in Taiwan, using a unique communications technique.
After Symantec researchers caught the malware being deployed in an attack on a Taiwan university, they determined it communicates with its command-and-control (C2) server via DNS traffic — which is a known, but infrequently seen technique, according to a Symantec blog post this week.
The backdoor comes in the form of a dynamic link library (DLL), which is installed in two file paths:
csidl_drive_fixed\xampp\wuplog.dll
csidl_system\wbem\wmiclnt.dll
The backdoor then waits to receive commands via DNS traffic, and uses the resolved IP address of the C2 server as an initial command.
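A C2 channel carried in DNS tends to show up in resolver logs as one client sending many distinct, long, random-looking names under a single domain. The following is an added example, not code from Symantec or from the original article: a generic heuristic for that pattern, not a Msupedge signature. The log format, the thresholds and the sample lines are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample resolver log: "<client_ip> <query_name> <qtype>"
SAMPLE_LOG = """\
10.0.0.5 www.example.com A
10.0.0.5 mail.example.com A
10.0.0.5 www.example.com A
10.0.0.9 a3f9c1d07b2e4f68.c2.example.net A
10.0.0.9 9be2047fa1c35d60.c2.example.net A
10.0.0.9 5d10e8b3c79f2a46.c2.example.net A
10.0.0.9 e47a2c916f0b83d5.c2.example.net A
10.0.0.9 www.example.org A
"""

def entropy(s):
    """Shannon entropy in bits per character."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def split_name(qname):
    """Return (subdomain, base). Base = last two labels, a simplification;
    production code should use the Public Suffix List."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def find_dns_channels(log_text, min_unique=4, min_avg_len=12, min_entropy=3.0):
    """Flag (client, base domain) pairs whose queries look like encoded data."""
    subs = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        client, qname, _qtype = parts
        sub, base = split_name(qname)
        if sub:
            subs[(client, base)].add(sub)
    flagged = []
    for key, names in sorted(subs.items()):
        joined = "".join(names).replace(".", "")
        avg_len = len(joined) / len(names)
        if (len(names) >= min_unique and avg_len >= min_avg_len
                and entropy(joined) >= min_entropy):
            flagged.append(key)
    return flagged

if __name__ == "__main__":
    for client, base in find_dns_channels(SAMPLE_LOG):
        print(f"review DNS activity: {client} -> *.{base}")
```

Thresholds need tuning against a baseline of the environment's normal DNS traffic, since CDNs and some security products also generate long, high-entropy names.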
The researchers believe that the initial intrusion was possibly through the exploit of a recently patched PHP vulnerability, known as CVE-2024-4577. The bug is a CGI argument injection flaw that affects all versions of PHP installed in unpatched Windows instances. If successful, the exploitation of the bug can lead to remote code execution (RCE).
The researchers reported that they have recently discovered several threat actors scanning for vulnerable systems, but have "found no evidence allowing us to attribute [Msupedge], and the motive behind the attack remains unknown."