Msupedge uses DNS tunneling for communication with the C&C server.
The code for the DNS tunneling tool is based on the publicly available dnscat2 tool.
It receives commands by performing name resolution.
The researchers added that the technique is known, and has been used by multiple threat actors.
It is nevertheless something that is not often seen.
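Because a DNS tunnel carries its data inside the queried names, resolver logs are where it shows up. The sketch below is an added example, not code from the researchers or the article. It flags clients that send many long, unique, high-entropy subdomains to a single parent domain. The log entries, the thresholds and the two-label parent split are all assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter, defaultdict

# Constructed resolver log entries (client_ip, queried_name); not real traffic.
SAMPLE_LOG = (
    [("10.0.0.5", "www.example.com"), ("10.0.0.5", "mail.example.com")]
    # Benign but chatty: many unique names, all short.
    + [("10.0.0.9", f"host{i}.example.net") for i in range(30)]
    # Tunnel-like: long, unique, hex-looking labels under one parent domain.
    + [("10.0.0.7", hashlib.sha256(str(i).encode()).hexdigest()[:40] + ".t.example.org")
       for i in range(40)]
)

def shannon_entropy(text):
    """Bits per character of the given string."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def split_name(qname):
    """Naive split into (subdomain, parent); assumes a two-label parent.
    A production version would use the Public Suffix List."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def find_tunnel_candidates(log, min_unique=20, min_mean_len=30, min_entropy=3.5):
    """Flag (client, parent) pairs whose queries look like encoded data.
    Thresholds are illustrative assumptions, to be tuned on local traffic."""
    seen = defaultdict(set)
    for client, qname in log:
        sub, parent = split_name(qname)
        if sub:
            seen[(client, parent)].add(sub)
    flagged = []
    for (client, parent), subs in sorted(seen.items()):
        mean_len = sum(len(s) for s in subs) / len(subs)
        entropy = shannon_entropy("".join(subs).replace(".", ""))
        if len(subs) >= min_unique and mean_len >= min_mean_len and entropy >= min_entropy:
            flagged.append((client, parent, len(subs), mean_len, round(entropy, 2)))
    return flagged

if __name__ == "__main__":
    for row in find_tunnel_candidates(SAMPLE_LOG):
        print(row)
```

The chatty client with 30 short hostnames is not flagged, which is why the length and entropy conditions are combined with the unique-name count instead of alerting on volume alone.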
We also don't know exactly what the threat actors were looking for, or if they found it.
The vulnerability, tracked as CVE-2024-4577, carries a severity score of 9.8/10, making it a critical flaw.
Volt Typhoon is one such organization, which was observed running similar campaigns in the past.
Via The Hacker News