
Taiwan University Under Fire From Unique DLL Backdoor

It's unclear who the "Msupedge" threat actors were or what the motive for the attack was.

Dark Reading Staff, Dark Reading

August 21, 2024


A never-before-seen backdoor, dubbed Msupedge, is targeting victims in Taiwan, using a unique communications technique.

After Symantec researchers caught the malware being deployed in an attack on a Taiwan university, they determined it communicates with its command-and-control (C2) server via DNS traffic — which is a known, but infrequently seen technique, according to a Symantec blog post this week.

The backdoor comes in the form of a dynamic link library (DLL), which is installed in two file paths:

  1. csidl_drive_fixed\xampp\wuplog.dll

  2. csidl_system\wbem\wmiclnt.dll

The backdoor then waits to receive commands via DNS traffic, and uses the resolved IP address of the C2 server as an initial command.
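A defender's first practical use of the two paths above is a host check. The script below is an added example, not code from Symantec or Dark Reading; it assumes the report's CSIDL-style placeholders map to the root of each fixed drive (csidl_drive_fixed) and the System32 directory (csidl_system), and it takes the drive list and an `exists` callback as parameters so the logic can be exercised off a Windows host.

```python
"""Hunt for the two Msupedge DLL drop paths named in the Symantec report.

Added example. The CSIDL placeholder translation (fixed drive roots for
csidl_drive_fixed, System32 for csidl_system) is an assumption made here.
"""
import ntpath
import os
from typing import Callable, Iterable, List

# Indicator paths exactly as given in the report.
INDICATOR_PATHS = [
    r"csidl_drive_fixed\xampp\wuplog.dll",
    r"csidl_system\wbem\wmiclnt.dll",
]


def expand_csidl(path: str, fixed_drives: Iterable[str], system_dir: str) -> List[str]:
    """Return every concrete path a CSIDL-style indicator can resolve to."""
    placeholder, _, rest = path.partition("\\")
    placeholder = placeholder.lower()
    if placeholder == "csidl_drive_fixed":
        # One candidate per fixed drive root, e.g. C:\xampp\wuplog.dll
        return [ntpath.join(drive, rest) for drive in fixed_drives]
    if placeholder == "csidl_system":
        return [ntpath.join(system_dir, rest)]
    raise ValueError(f"unsupported placeholder in {path!r}")


def hunt(indicators: Iterable[str], fixed_drives: Iterable[str], system_dir: str,
         exists: Callable[[str], bool] = os.path.exists) -> List[str]:
    """Return the candidate paths present on the host; `exists` is injectable for tests."""
    drives = list(fixed_drives)
    return [
        candidate
        for indicator in indicators
        for candidate in expand_csidl(indicator, drives, system_dir)
        if exists(candidate)
    ]


def fixed_drives_on_windows() -> List[str]:
    """Enumerate fixed drive roots via kernel32 GetDriveTypeW (DRIVE_FIXED == 3); Windows only."""
    import ctypes
    kernel32 = ctypes.windll.kernel32
    return [f"{c}:\\" for c in "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            if kernel32.GetDriveTypeW(f"{c}:\\") == 3]


if __name__ == "__main__" and os.name == "nt":
    system32 = ntpath.join(os.environ.get("SystemRoot", r"C:\Windows"), "System32")
    for hit in hunt(INDICATOR_PATHS, fixed_drives_on_windows(), system32):
        print("possible Msupedge drop location:", hit)
```

A hit on the xampp path is worth correlating with web-server logs, since the report ties the intrusion to a PHP flaw on Windows installs such as XAMPP.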

The researchers believe that the initial intrusion was possibly through exploitation of a recently patched PHP vulnerability, tracked as CVE-2024-4577. The bug is a CGI argument injection flaw that affects all versions of PHP installed on unpatched Windows instances. Successful exploitation can lead to remote code execution (RCE).

The researchers reported that they have recently discovered several threat actors scanning for vulnerable systems, but "have found no evidence allowing us to attribute [Msupedge], and the motive behind the attack remains unknown."
