Hackers deployed new malware against university in Taiwan


Researchers have uncovered a previously unseen backdoor which was used in an attack on a university in Taiwan.

To infect their victims, the malware operators likely exploited a recently patched PHP vulnerability tracked as CVE-2024-4577, according to researchers at the cybersecurity firm Symantec. The vulnerability primarily affects Windows installations using Chinese or Japanese language settings.

Successful exploitation of the vulnerability can lead to remote code execution, Symantec said. Researchers have observed multiple threat actors scanning for vulnerable systems in recent weeks.

“To date, we have found no evidence allowing us to attribute this threat, and the motive behind the attack remains unknown,” they added.

What is special about the malware, which they dubbed Msupedge, is that it uses a technique called Domain Name System (DNS) tunneling to communicate with a server controlled by the hacker.

Compared to more obvious methods like HTTP or HTTPS tunneling, this technique can be harder to detect because DNS traffic is generally considered benign and is often overlooked by security tools.
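As an added illustration that is not part of the article (and not Symantec's or the malware's code), the following is a small heuristic a defender might run over resolver logs to surface the traffic shape DNS tunneling produces: many queries to one base domain whose subdomain labels are long and high-entropy. The log lines, the domain names and the thresholds are constructed assumptions, and the base-domain split assumes the last two labels rather than a public suffix list.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log (not from the article): "<time> <client> <qname> <type>".
SAMPLE_LOG = """\
2024-08-20T10:00:01Z 10.0.0.5 www.example.com A
2024-08-20T10:00:02Z 10.0.0.5 mail.example.com A
2024-08-20T10:00:03Z 10.0.0.9 3a7f9c1e5b2d8a4f6c0e1b3d5f7a9c2e4b6d8f0a.tunnel.example TXT
2024-08-20T10:00:04Z 10.0.0.9 9e2c4b6d8f0a1c3e5b7d9f1a3c5e7b9d1f3a5c7e.tunnel.example TXT
2024-08-20T10:00:05Z 10.0.0.9 5c7e9b1d3f5a7c9e1b3d5f7a9c1e3b5d7f9a1c3e.tunnel.example TXT
2024-08-20T10:00:06Z 10.0.0.9 1b3d5f7a9c1e3b5d7f9a1c3e5b7d9f1a3c5e7b9d.tunnel.example TXT
2024-08-20T10:00:07Z 10.0.0.7 cdn.example.net AAAA
"""

SUBDOMAIN_MIN_LEN = 30  # characters in the labels below the base domain (assumed threshold)
ENTROPY_MIN_BITS = 3.0  # Shannon entropy per character of those labels (assumed threshold)
HITS_MIN = 3            # such queries needed before a base domain is flagged (assumed)

def shannon_entropy(text):
    """Bits of entropy per character; 0.0 for an empty string."""
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values()) if n else 0.0

def split_name(qname):
    """(base domain, subdomain labels). Assumption: base domain = last two
    labels; a real deployment should consult the public suffix list."""
    labels = qname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]), labels[:-2]

def analyze(log_text):
    """Per base domain: total queries, distinct subdomains, and long high-entropy 'hits'."""
    stats = defaultdict(lambda: {"queries": 0, "hits": 0, "subdomains": set()})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than crash on them
        base, sub_labels = split_name(parts[2])
        sub = "".join(sub_labels)
        s = stats[base]
        s["queries"] += 1
        s["subdomains"].add(".".join(sub_labels))
        if len(sub) >= SUBDOMAIN_MIN_LEN and shannon_entropy(sub) >= ENTROPY_MIN_BITS:
            s["hits"] += 1
    return {b: {"queries": s["queries"], "hits": s["hits"],
                "unique_subdomains": len(s["subdomains"])} for b, s in stats.items()}

def flag_tunneling(log_text):
    """Base domains with at least HITS_MIN long, high-entropy subdomain queries."""
    return sorted(b for b, s in analyze(log_text).items() if s["hits"] >= HITS_MIN)
```

Legitimate services such as CDNs and anti-spam lookups can also produce long label names, so in practice a hit list like this is a triage input to be allow-listed and correlated with query volume per client, not an alert on its own.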

Earlier in June, researchers discovered a campaign by suspected Chinese state-sponsored hackers, known as RedJuliett, targeting dozens of organizations in Taiwan, including universities, state agencies, electronics manufacturers, and religious organizations.

Like many other Chinese threat actors, the group likely targeted vulnerabilities in internet-facing devices such as firewalls and enterprise VPNs for initial access, because these devices often offer limited visibility and are poorly covered by security solutions, researchers said.

In August, a Taiwanese government-affiliated research institute working on sensitive technologies was breached by one of China’s most infamous hacker groups, APT41. The hackers deployed the ShadowPad malware along with several additional tools written in Simplified Chinese.


Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.
