Akamai researchers are warning that Chinese attackers are using previously publicly disclosed vulnerabilities in ThinkPHP in new attacks. The bugs, CVE-2018-20062 and CVE-2019-9082, were patched over five years ago, but are now being exploited again in recent attacks. A Chinese threat actor has been using the flaws to fetch files from compromised servers in China, as well as to deploy a web shell called Dama on vulnerable servers. This web shell lets attackers navigate and interact with the file system. These recent attacks demonstrate the current trend of attackers using web shells for advanced victim control.
Read more: https://www.securityweek.com/chinese-hackers-exploit-old-thinkphp-vulnerabilities-in-new-attacks/