PHP-CGI RCE Flaw Exploited in Attacks on Japan's Tech, Telecom, and E-Commerce Sectors


Threat actors are exploiting the PHP-CGI RCE flaw (CVE-2024-4577) to target Japan's tech and telecom sectors, using PowerShell and Cobalt Strike for persistence. They erase logs, steal credentials via Mimikatz, and host tools like BeEF and Viper C2 on exposed Alibaba servers. Cisco Talos warns of ongoing threats beyond credential theft.
