Skip to main content

Slashdot: Hackers Have Found an Entirely New Way To Backdoor Into Microsoft Windows

Hackers Have Found an Entirely New Way To Backdoor Into Microsoft Windows
Published on August 26, 2024 at 03:17AM
A university in Taiwan was breached with "a previously unseen backdoor (Backdoor.Msupedge) utilizing an infrequently seen technique," Symantec reports. The most notable feature of this backdoor is that it communicates with a command-and-control server via DNS traffic... The code for the DNS tunneling tool is based on the publicly available dnscat2 tool. It receives commands by performing name resolution... Msupedge not only receives commands via DNS traffic but also uses the resolved IP address of the C&C server (ctl.msedeapi[.]net) as a command. The third octet of the resolved IP address is a switch case. The behavior of the backdoor will change based on the value of the third octet of the resolved IP address minus seven... The initial intrusion was likely through the exploit of a recently patched PHP vulnerability (CVE-2024-4577). The vulnerability is a CGI argument injection flaw affecting all versions of PHP installed on the Windows operating system. Successful exploitation of the vulnerability can lead to remote code execution. Symantec has seen multiple threat actors scanning for vulnerable systems in recent weeks. To date, we have found no evidence allowing us to attribute this threat and the motive behind the attack remains unknown. More from The Record: Compared to more obvious methods like HTTP or HTTPS tunneling, this technique can be harder to detect because DNS traffic is generally considered benign and is often overlooked by security tools. Earlier in June, researchers discovered a campaign by suspected Chinese state-sponsored hackers, known as RedJuliett, targeting dozens of organizations in Taiwan, including universities, state agencies, electronics manufacturers, and religious organizations. Like many other Chinese threat actors, the group likely targeted vulnerabilities in internet-facing devices such as firewalls and enterprise VPNs for initial access because these devices often have limited visibility and security solutions, researchers said. Additional coverage at The Hacker News. Thanks to Slashdot reader joshuark for sharing the article.

Read more of this story at Slashdot.

Comments

Popular posts from this blog

Slashdot: Spain-Backed Fund Joins FOSSA's Sovereign Satellite Communications Push

Spain-Backed Fund Joins FOSSA's Sovereign Satellite Communications Push Published on 2026-06-28T22:05:00Z Spanish startup FOSSA Systems "has raised about $10.5 million to expand its connectivity constellation," reports Space News, noting some funding is backed by Spain's government: The support from the Spanish Society for Technological Transformation (SETT) comes a year after the fund injected 14 million euros into Spain's Sateliot , which is also developing a satellite connectivity network with security and defense applications. Spanish private investment firm Kibo Ventures led FOSSA's funding round, the six-year-old venture announced June 24, bringing its total raised to date to nearly 20 million euros. The proceeds will help fuel FOSSA's push beyond the tiny picosatellites it once used to connect low-power monitoring devices toward larger cubesats in low Earth orbit, enabling additional sovereign communications and space-based intelligence capab...

Slashdot: AT&T Outlines $250 Billion US Investment Plan To Boost Infrastructure In AI Age

AT&T Outlines $250 Billion US Investment Plan To Boost Infrastructure In AI Age Published on 2026-03-10T20:00:00Z AT&T plans to invest more than $250 billion over the next five years to expand U.S. telecom infrastructure for the AI age. The company says it will also hire thousands of technicians while partnering with AST SpaceMobile to extend coverage to remote areas. Reuters reports: Rapid adoption of artificial intelligence, cloud computing and connected devices has prompted telecom operators to invest heavily in fiber and 5G networks as they also seek to fend off intensifying competition from cable broadband providers. AT&T, which has about 110,000 employees in the U.S., said the new hires will help build and maintain its infrastructure. The outlay includes capital expenditure and other spending, the company said. The spending will focus on expanding its fiber and wireless networks, including accelerating deployment of fiber broadband, 5G home internet and satellite co...