Catalin Cimpanu on Nostr: A Chinese cybercrime group is targeting websites built using the ThinkPHP framework ...
Published at
2024-06-06 11:01:47Event JSON
{
"id": "dd5a4ef581190813fe97ab1a9500fb51bfda0fcadac2b3a4b4d5615875fbcd8c",
"pubkey": "5813cb0c08b954765976fe9867ea38b2b1524e39b1f75ab22b326e25833aa766",
"created_at": 1717671707,
"kind": 1,
"tags": [
[
"proxy",
"https://mastodon.social/users/campuscodi/statuses/112569333002081397",
"activitypub"
]
],
"content": "A Chinese cybercrime group is targeting websites built using the ThinkPHP framework in attacks designed to install a new web shell named Dama.\n\nThe attacks exploit two old 2018 and 2019 vulnerabilities in the framework, mostly used by Chinese-speaking developers.\n\nAkamai says the attacks started last October and are ongoing.\n\nThe company couldn't say what the final payload was (i.e., cryptomining, proxy bot, DDoS, etc.).\n\nhttps://www.akamai.com/blog/security-research/2024/jun/2024-thinkphp-applications-exploit-1-days-dama-webshell",
"sig": "2ce2616bd96abcb364583752a55497ad53699039804dd1a7d0285d816977acaa17f09fe49ebd3cc833e40b875c117c6cd6a26f01672a13bdc2bb37dc1b3a9ef0"
}