China Chopper Web shells are an older threat causing new problems for many organizations targeted in ongoing attacks against vulnerable Microsoft Exchange Servers worldwide.
Since Microsoft patched a series of Exchange Server zero-days on March 2, what had previously been "limited and targeted" attacks quickly became a global issue as attackers weaponized the critical flaws. Security companies tracking the activity, including FireEye and Red Canary, noticed China Chopper Web shells played a consistent role in their observed attack patterns.
Less than two weeks after the flaws were disclosed, the DHS' Cybersecurity and Infrastructure Security Agency (CISA) updated its guidance on the vulnerabilities to include seven China Chopper Web shells connected to successful attacks against vulnerable Exchange Servers.
China Chopper is not a new piece of malware. Researchers with FireEye first published research on the threat in 2013; Cisco Talos experts have dated samples back to 2010. It's a fairly simple backdoor that allows criminals to remotely access a target network and gain remote control.
A Web shell typically has client-side and server-side parts. China Chopper has a command-and-control (C2) binary, and a text-based Web shell payload that acts as the server component. As FireEye researchers note in an early report on the threat, this text-based payload i ..
Support the originator by clicking the read the rest link below.
