A university in Taiwan was subjected to a complex cyber-attack involving a previously undocumented Windows backdoor. The method used in the attack and the vulnerability discovered by the hackers have put all cybersecurity experts on high alert. Here are the details of the attack…
Unprecedented vulnerability found in Windows operating systems!
This malicious software, dubbed ‘Msupedge’ by cyber experts, uses an unusual method to communicate with a command-and-control (C&C) server, one that cybersecurity researchers describe as a technique they have not encountered before.
According to the Symantec Threat Hunter Team’s report, Msupedge is designed as a dynamic link library (.DLL) and communicates with the C&C server using DNS traffic, a technique known as ‘DNS tunneling’ that is rarely seen and is considered to have a very low success rate.
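Because DNS tunnelling hides C&C traffic inside ordinary name lookups, the place a defender usually catches it is in DNS query logs: a tunnelled channel shows up as many distinct, long, high-entropy subdomains under one registered domain. The Python script below is an added example, not code from the article or from Symantec's report; it applies that heuristic to a few constructed log lines (the client addresses, domain names and thresholds are all made up for illustration):

```python
"""Heuristic detection of DNS-tunnelling style traffic in DNS query logs.

Added example: scores each registered domain by how many unique subdomains
are queried under it and by the length and Shannon entropy of those
subdomains. Real tunnelling detection would also look at query volume over
time and record types (TXT, NULL), but the same three signals are the core.
"""
import math
from collections import defaultdict

# Constructed sample log: "<client ip> <query name> <record type>" per line.
# tunnel-example.test is a placeholder, not a real indicator of compromise.
SAMPLE_LOG = """\
10.0.0.5 www.example.edu A
10.0.0.5 mail.example.edu A
10.0.0.7 a9f3c1e2b7d4.4f8e1a2b.tunnel-example.test A
10.0.0.7 0bd77e19a3c4.5a1b2c3d.tunnel-example.test A
10.0.0.7 3e4fa0b9c8d1.6b2c3d4e.tunnel-example.test A
10.0.0.7 7c1d2e3f4a5b.7c3d4e5f.tunnel-example.test A
10.0.0.7 9a8b7c6d5e4f.8d4e5f6a.tunnel-example.test A
10.0.0.9 cdn.example.com A
"""


def shannon_entropy(s):
    """Bits of entropy per character; encoded payloads score far above words."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname, depth=2):
    """Split a query name into (subdomain part, registered domain).

    Assumes the registered domain is the last `depth` labels; a real deployment
    would use the public suffix list instead of a fixed depth.
    """
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-depth]), ".".join(labels[-depth:])


def parse_log(text):
    """Yield (client, qname, qtype) tuples from the simple log format above."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            yield parts[0], parts[1], parts[2]


def score_domains(records, min_unique=3, min_avg_len=20, min_avg_entropy=3.0):
    """Aggregate per registered domain and flag tunnelling-like patterns."""
    per_domain = defaultdict(lambda: {"queries": 0, "subs": set(), "clients": set()})
    for client, qname, _qtype in records:
        sub, domain = split_name(qname)
        d = per_domain[domain]
        d["queries"] += 1
        d["subs"].add(sub)
        d["clients"].add(client)

    results = {}
    for domain, d in per_domain.items():
        subs = [s for s in d["subs"] if s]
        avg_len = sum(len(s) for s in subs) / len(subs) if subs else 0.0
        avg_ent = sum(shannon_entropy(s) for s in subs) / len(subs) if subs else 0.0
        results[domain] = {
            "queries": d["queries"],
            "unique_subdomains": len(subs),
            "avg_subdomain_len": avg_len,
            "avg_entropy": avg_ent,
            "clients": sorted(d["clients"]),
            # All three signals must fire: many unique labels, long, and random-looking.
            "suspicious": (len(subs) >= min_unique
                           and avg_len >= min_avg_len
                           and avg_ent >= min_avg_entropy),
        }
    return results


def flagged_domains(log_text):
    """Convenience wrapper: the sorted list of domains flagged in a log."""
    return sorted(dom for dom, r in score_domains(parse_log(log_text)).items()
                  if r["suspicious"])


if __name__ == "__main__":
    for dom, r in score_domains(parse_log(SAMPLE_LOG)).items():
        flag = "SUSPICIOUS" if r["suspicious"] else "ok"
        print(f"{dom:22} q={r['queries']} uniq={r['unique_subdomains']} "
              f"len={r['avg_subdomain_len']:.1f} H={r['avg_entropy']:.2f} {flag}")
```

On the constructed log only `tunnel-example.test` is flagged: its five queries each carry a distinct 21-character hex-like subdomain, whereas `example.edu` sees two short dictionary labels. Thresholds are deliberately conservative; in production they should be tuned against a baseline of the network's normal resolvers and CDNs, which can also generate long but low-cardinality labels.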
The backdoor provides the operators with various capabilities, such as creating processes on the target endpoint, downloading files, shutting down the system for a preset duration, creating a temporary file, and deleting files. The real purpose of the hackers who used these methods to infiltrate a university’s database is currently unknown.
In the initial stage of the attack, a critical PHP vulnerability (CVE-2024-4577) with a severity score of 9.8/10 was used to achieve remote code execution, which is believed to have provided the attackers with the initial access to the university’s systems.
As the investigation continues, cybersecurity experts and Taiwanese authorities are working to determine the scope of the attack and the impact on the university’s systems.