Attacks leveraging an exploit for the critical PHP-CGI remote code execution flaw, tracked as CVE-2024-4577, have been launched to compromise a Taiwan-based university's Windows systems with the novel Msupedge malware, according to BleepingComputer.
Infiltration of vulnerable systems via the security issue, which was addressed by PHP maintainers in early June, was followed by the deployment of Msupedge as a pair of dynamic link libraries, an analysis from Symantec's Threat Hunter Team showed. With command-and-control communications facilitated by DNS traffic, Msupedge could enable the execution of several commands, including those involving file downloads, process creation, and temporary file management, researchers found. "Symantec has seen multiple threat actors scanning for vulnerable systems in recent weeks. To date, we have found no evidence allowing us to attribute this threat and the motive behind the attack remains unknown," said the report. Such a development comes months after exploitation of the flaw was reported to have been conducted by the TellYouThePass ransomware gang.