Top
image credit: Pixabay

Microsoft detects 77,000 active web shells on a daily basis

February 5, 2020

According to a report published by Microsoft, the company detects an average of 77,000 active web shells, spreading across 46,000 infected servers, on a daily base.

A web shell is a code, often written in typical web development programming languages (e.g., ASP, PHP, JSP), that attackers implant on web servers to gain remote access and code execution.

Microsoft observed several threat groups, including ZINC, KRYPTON, and GALLIUM, using these malicious codes in their campaigns. Threat actors use to exploit known issues in web applications to compromise web server and install the web shells. One of the most widely adopted web shells is the China Chopper one that was employed in numerous cyberespionage campaigns carried out by China-linked APT groups.

Read More on Security Affairs