Chinese hackers have been exploiting a pair of old remote code execution flaws in the widely used open-source web application framework ThinkPHP, tracked as CVE-2018-20062 and CVE-2019-9082, in ongoing intrusions since April, following a similar attack campaign launched in October, according to SecurityWeek.
According to an Akamai report, attackers have leveraged both vulnerabilities to eventually deploy the Dama web shell, which has been used for file tampering and uploading, information gathering, network port scanning, unauthorized database access, and privilege escalation.
"The recent attacks originated by a Chinese-speaking adversary highlight an ongoing trend of attackers using a fully-fledged web shell, designed for advanced victim control. Interestingly, not all targeted customers were using ThinkPHP, which suggests that the attackers may be indiscriminately targeting a broad range of systems," said Akamai, which urged the immediate remediation of the ThinkPHP vulnerabilities amid persistent attacks against unpatched instances.