Stories
Slash Boxes
Comments

SoylentNews is people

PHP-CGI RCE Flaw Exploited in Attacks on Japan's Tech, Telecom, and E-Commerce Sectors

posted by hubie on Wednesday March 12, @09:35AM   Printer-friendly
from the another-day-another-exploit dept.

Fnord666 writes:

The Hacker News has an interesting article on a PHP-CGI RCE flaw that is being exploited in the wild.

Threat actors of unknown provenance have been attributed to a malicious campaign predominantly targeting organizations in Japan since January 2025.

"The attacker has exploited the vulnerability CVE-2024-4577, a remote code execution (RCE) flaw in the PHP-CGI implementation of PHP on Windows, to gain initial access to victim machines," Cisco Talos researcher Chetan Raghuprasad said in a technical report published Thursday.

"The attacker utilizes plugins of the publicly available Cobalt Strike kit 'TaoWu' for-post exploitation activities."

Targets of the malicious activity encompass companies across technology, telecommunications, entertainment, education, and e-commerce sectors in Japan.

[...] "We assess with moderate confidence that the attacker's motive extends beyond just credential harvesting, based on our observation of other post-exploitation activities, such as establishing persistence, elevating to SYSTEM level privilege, and potential access to adversarial frameworks, indicating the likelihood of future attacks," Raghuprasad said.

Original Submission

 
This discussion was created by hubie (1068) for logged-in users only. Log in and try again!
PHP-CGI RCE Flaw Exploited in Attacks on Japan's Tech, Telecom, and E-Commerce Sectors | Log In/Create an Account | Top | 3 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.