The code is a web shell known as China Chopper. China Chopper allows attackers to remotely access servers running web applications.
According to the researchers, this shell is quite difficult to detect.
Despite its stealth, the web shell has been repeatedly observed in various malicious campaigns over the past few years. Such public attention usually leads criminals to abandon a tool; in this case, however, operators have used it more often over the past two years.
“In our research, we discovered both Internet Information Services (IIS) and Apache web servers compromised with China Chopper web shells. We do not have additional data about how the web shell was installed, but there are several web application frameworks such as older versions of Oracle WebLogic or WordPress that may have been targeted with known remote code execution or file inclusion exploits,” report Cisco Talos specialists.
On its blog, Cisco Talos talked about three campaigns that used China Chopper.
The first targeted a government organization in Asia with the goal of stealing documents and copies of databases. To do this, a China Chopper backdoor was installed on several servers.
In the second case, an organization in Lebanon was subjected to a number of cyber attacks, including ones using the Sodinokibi and GandCrab ransomware. To gather data, the attackers used the remote access tools Gh0stRAT and Venom.
The third campaign aimed at an Asian hosting provider. The attack on Windows servers lasted for 10 months.
According to experts, the web shell is widely available and can be used by any criminal. It is therefore almost impossible to attribute attacks to a specific group based solely on the presence of China Chopper.
“The usage of China Chopper in recent campaigns proves that a lot of old threats never really die, and defenders on the internet need to be looking out for malware both young and old,” warn Cisco Talos specialists.
When securing infrastructure, it is important to keep both internal and external-facing web servers, applications, and frameworks up to date with the latest security patches to mitigate the risk of compromise through already known exploits.
Despite the age, China Chopper is here to stay, and we will likely see it in the wild going forward.
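As an added illustration (not code from the Talos report or this article), the script below scans a web root for the one-statement "evaluate a request parameter" stub that China Chopper's server-side component drops on PHP, ASP and ASP.NET hosts; the signatures, file names and file contents are constructed for the example.

```python
import re
import tempfile
from pathlib import Path

# Constructed signatures for the tiny server-side stub: a single statement that
# evaluates whatever arrives in a request parameter. Kept loose enough to catch
# whitespace and quoting variants; tune to your own environment.
SIGNATURES = {
    "php_eval_request": re.compile(
        r"@?\s*eval\s*\(\s*\$_(?:POST|REQUEST|GET)\s*\[", re.IGNORECASE),
    "aspx_eval_request": re.compile(
        r"eval\s*\(\s*Request\s*(?:\.Item)?\s*\[.*?\]\s*,\s*[\"']unsafe[\"']",
        re.IGNORECASE),
    "asp_execute_request": re.compile(
        r"\b(?:eval|execute)\s*\(?\s*request\s*\(", re.IGNORECASE),
}
WEB_EXTENSIONS = {".php", ".phtml", ".aspx", ".ashx", ".asp", ".jsp"}

def classify_source(text: str) -> list[str]:
    """Return the names of every signature that matches a file's contents."""
    return [name for name, rx in SIGNATURES.items() if rx.search(text)]

def scan_webroot(root: Path, max_size: int = 4096) -> dict[str, list[str]]:
    """Walk a web root and flag small server-side files matching a signature.

    The stub is only a few dozen bytes, so files above `max_size` are skipped;
    large legitimate framework files never need to be read.
    """
    findings: dict[str, list[str]] = {}
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in WEB_EXTENSIONS:
            continue
        if path.stat().st_size > max_size:
            continue
        hits = classify_source(path.read_text(errors="replace"))
        if hits:
            findings[path.relative_to(root).as_posix()] = hits
    return findings

def demo_scan() -> dict[str, list[str]]:
    """Build a constructed sample web root in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "uploads").mkdir()
        (root / "uploads" / "img.php").write_text("<?php @eval($_POST['pw']); ?>")
        (root / "index.php").write_text("<?php echo 'hello'; ?>")  # benign
        (root / "style.css").write_text("body { color: #333; }")   # not scanned
        return scan_webroot(root)

if __name__ == "__main__":
    for rel_path, hits in demo_scan().items():
        print(rel_path, hits)
```

A hit is a lead, not a verdict: confirm by checking file timestamps against deployments and by correlating with POST requests to that path in the IIS or Apache access logs.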