TechRadar
Sead Fadilpašić

Hackers may have found an entirely new way to backdoor into Windows systems


A university in Taiwan has been attacked with a previously undocumented Windows backdoor that uses an unusual, but not entirely new, method of communication.

Cybersecurity researchers from the Symantec Threat Hunter Team published their findings on Msupedge, which is designed as a dynamic link library (.DLL) with a particularly distinctive feature of communicating with the C2 via DNS traffic.

Msupedge grants its operators the ability to create processes on the target endpoint, download files, sleep for a predetermined time interval, create a temporary file (purpose unknown), and delete that file.

Missing key details

"The most notable feature of this backdoor is that it communicates with a command-and-control (C&C) server via DNS traffic," the researchers said in their report. “Msupedge uses DNS tunneling for communication with the C&C server. The code for the DNS tunneling tool is based on the publicly available dnscat2 tool. It receives commands by performing name resolution.”

The researchers added that the technique is known, and has been used by “multiple threat actors”. “It is nevertheless something that is not often seen.”
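As an added, defender-side example (not code from the article, Symantec or dnscat2), the following Python flags domains whose DNS query pattern matches the tunneling behaviour described above: many distinct, long, high-entropy subdomains and bulk TXT-type queries to one domain. The log format, domain names and thresholds are assumptions constructed for the example.

```python
import math
from collections import defaultdict

# Constructed sample log ("<time> <client> <qname> <qtype>"); the domains are
# placeholders invented for this example, not indicators from the report.
SAMPLE_LOG = """\
10:00:01 10.0.0.5 www.example.com A
10:00:02 10.0.0.5 mail.example.com A
10:00:03 10.0.0.5 cdn.example.com A
10:00:04 10.0.0.7 a3f9c1e7b2d4.4e8c0a1f9b7d.t.tunnel-placeholder.test TXT
10:00:05 10.0.0.7 9c2b7e1a0d5f.1b6e3f8a2c9d.t.tunnel-placeholder.test TXT
10:00:06 10.0.0.7 e7d1a8c3f2b9.7a0c4e9d1b3f.t.tunnel-placeholder.test TXT
"""

def shannon_entropy(s):
    """Bits per character; encoded payload labels score far above real hostnames."""
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def registered_domain(qname):
    return ".".join(qname.lower().rstrip(".").split(".")[-2:])  # crude; use the PSL in production

def score_domains(log_text, min_queries=3, min_entropy=3.0, min_label_len=20):
    """Return {domain: reason} for domains whose query pattern looks like tunneling."""
    per_domain = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of crashing the detector
        qname, qtype = parts[2].lower().rstrip("."), parts[3].upper()
        per_domain[registered_domain(qname)].append((qname, qtype))
    flagged = {}
    for domain, queries in per_domain.items():
        if len(queries) < min_queries:
            continue
        subs = [q[: -len(domain) - 1] for q, _ in queries]  # strip ".<domain>"
        avg_len = sum(len(s) for s in subs) / len(subs)
        avg_ent = sum(shannon_entropy(s.replace(".", "")) for s in subs) / len(subs)
        txt_frac = sum(t in ("TXT", "NULL", "CNAME") for _, t in queries) / len(queries)
        reasons = []
        if avg_len >= min_label_len and avg_ent >= min_entropy:
            reasons.append(f"long high-entropy labels ({avg_len:.0f} chars, {avg_ent:.2f} bits)")
        if txt_frac > 0.5 and len(set(subs)) == len(subs):  # bulk TXT queries, never repeated
            reasons.append(f"{txt_frac:.0%} TXT/NULL/CNAME queries, all distinct names")
        if reasons:
            flagged[domain] = "; ".join(reasons)
    return flagged
```

Thresholds need tuning per environment, since CDNs and some security products also emit long machine-generated labels; treat a hit as a lead for inspection of the resolver logs, not a verdict.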

We also don’t know exactly what the threat actors were looking for, or if they found it. We do know that they breached the victim devices through a PHP vulnerability that allows remote code execution (RCE). The vulnerability, tracked as CVE-2024-4577, carries a severity score of 9.8/10, making it a critical flaw.

Other important details are still missing: it isn't known who the threat actors behind the attack are, or who the victim is (other than that it is an unnamed university in Taiwan).

Given the current political climate, we can only speculate that this is the work of a Chinese state-sponsored group running cyber-espionage campaigns targeting intellectuals and other members of academia. Volt Typhoon is one such group, observed running similar campaigns in the past.

Via TheHackerNews
