A Chinese cybercrime group is targeting websites built using the ThinkPHP framework in attacks designed to install a new web shell named Dama.
The attacks exploit two old 2018 and 2019 vulnerabilities in the framework, mostly used by Chinese-speaking developers.
Akamai says the attacks started last October and are ongoing.
The company couldn't say what the final payload was (i.e., cryptomining, proxy bot, DDoS, etc.).
https://www.akamai.com/blog/security-research/2024/jun/2024-thinkphp-applications-exploit-1-days-dama-webshell
Catalin Cimpanu /
npub1tq…3aefw
2024-06-06 11:01:47
Author Public Key
npub1tqfukrqgh928vktkl6vx063ck2c4yn3ek8m44v3txfhztqe65anq63aefwPublished at
2024-06-06 11:01:47Event JSON
{
"id": "dd5a4ef581190813fe97ab1a9500fb51bfda0fcadac2b3a4b4d5615875fbcd8c",
"pubkey": "5813cb0c08b954765976fe9867ea38b2b1524e39b1f75ab22b326e25833aa766",
"created_at": 1717671707,
"kind": 1,
"tags": [
[
"proxy",
"https://mastodon.social/users/campuscodi/statuses/112569333002081397",
"activitypub"
]
],
"content": "A Chinese cybercrime group is targeting websites built using the ThinkPHP framework in attacks designed to install a new web shell named Dama.\n\nThe attacks exploit two old 2018 and 2019 vulnerabilities in the framework, mostly used by Chinese-speaking developers.\n\nAkamai says the attacks started last October and are ongoing.\n\nThe company couldn't say what the final payload was (i.e., cryptomining, proxy bot, DDoS, etc.).\n\nhttps://www.akamai.com/blog/security-research/2024/jun/2024-thinkphp-applications-exploit-1-days-dama-webshell",
"sig": "2ce2616bd96abcb364583752a55497ad53699039804dd1a7d0285d816977acaa17f09fe49ebd3cc833e40b875c117c6cd6a26f01672a13bdc2bb37dc1b3a9ef0"
}