1. Threat Overview
Hackers exploited a zero-day vulnerability in KnowledgeDeliver LMS to deploy the Godzilla web shell on servers running the affected system. The attack vector is unknown, but the vulnerability is critical: the exploit allows for remote code execution.
2. Key Intelligence Points
   1. The Godzilla web shell was deployed using a zero-day vulnerability in KnowledgeDeliver LMS.
   2. The vulnerability affects servers running KnowledgeDeliver LMS, but the specific versions are not specified.
   3. The attack chain involves exploiting the zero-day vulnerability to deploy the web shell, which allows for remote code execution.
   4. Detection opportunities include monitoring for suspicious network activity and unusual system behavior.
3. MITRE ATT&CK Techniques
T1210 - Exploit Public-Facing Application
4. Indicators of Compromise (IOCs) / Affected Systems
Godzilla web shell, KnowledgeDeliver LMS, unknown IP addresses or domains
5. Mitigation & Detection
Apply patches or updates to KnowledgeDeliver LMS as soon as they become available to prevent exploitation of the zero-day vulnerability.