Old ThinkPHP flaws leveraged by Chinese hackers

Chinese hackers have been exploiting a pair of old remote code execution flaws in the widely used open-source web app framework ThinkPHP, tracked as CVE-2018-20062 and CVE-2019-9082, in intrusions that have been ongoing since April and that follow a similar attack campaign launched in October, according to SecurityWeek.

Both vulnerabilities have been leveraged by attackers to facilitate the eventual deployment of the Dama web shell, which has been used to enable file tampering and uploading, information gathering, network port scanning, unauthorized database access, and privilege escalation, an Akamai report showed.

"The recent attacks originated by a Chinese-speaking adversary highlight an ongoing trend of attackers using a fully-fledged web shell, designed for advanced victim control. Interestingly, not all targeted customers were using ThinkPHP, which suggests that the attackers may be indiscriminately targeting a broad range of systems," said Akamai, which urged the immediate remediation of the ThinkPHP vulnerabilities amid persistent attacks against unpatched instances.
