Chinese threat actors are exploiting CVE-2018-20062 and CVE-2019-9082 vulnerabilities in ThinkPHP applications to install Dama, a persistent web shell.
The web shell allows for further exploitation of the compromised endpoints, such as enlisting them as part of the perpetrators’ infrastructure to avoid detection in future operations.
The first indications of this activity date back to October 2023, but according to Akamai analysts tracking it, the malicious behaviour has lately expanded and intensified.
Targeting old flaws
ThinkPHP is a popular open-source framework for developing web applications, particularly in China.
CVE-2018-20062, which was resolved in December 2018, is a vulnerability identified in NoneCMS 1.3 that allows remote attackers to execute arbitrary PHP code by manipulating the filter parameter.
CVE-2019-9082 affects ThinkPHP 3.2.4 and older, which is used in Open Source BMS 1.1.1. It is a remote command execution issue that was addressed in February 2019.
The two weaknesses are exploited in this campaign to allow attackers to execute remote malware, impacting the underlying content management syst
[…]
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents