{"id":23167,"date":"2018-12-21T20:16:01","date_gmt":"2018-12-21T20:16:01","guid":{"rendered":"http:\/\/3d648c3e-d126-4ae6-bd85-c39fcc7f5ee9"},"modified":"2018-12-21T20:16:01","modified_gmt":"2018-12-21T20:16:01","slug":"chinese-websites-have-been-under-attack-for-a-week-via-a-new-php-framework-bug","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/chinese-websites-have-been-under-attack-for-a-week-via-a-new-php-framework-bug\/","title":{"rendered":"Chinese websites have been under attack for a week via a new PHP framework bug"},"content":{"rendered":"<p><span class=\"img aspect-set\"><img decoding=\"async\" src=\"https:\/\/zdnet4.cbsistatic.com\/hub\/i\/2018\/12\/21\/b2f7e910-ac31-4311-8e1f-d4f6d07b1842\/29caedf9afcaf98aca74703334874af9\/thinkphp.png\" class=\"\" alt=\"thinkphp.png\"\/><\/span><\/p>\n<p>Over 45,000 Chinese websites have been under a barrage of attacks from miscreants looking to gain access to web servers, <em>ZDNet<\/em> has learned.<\/p>\n<div class=\"relatedContent alignRight\">\n<h3 class=\"heading\"><span class=\"int\">More security news<\/span><\/h3>\n<\/div>\n<p>The attacks have targeted websites built with <a href=\"https:\/\/thinkphp.cn\/\" target=\"_blank\" rel=\"noopener noreferrer\">ThinkPHP<\/a>, a Chinese-made PHP framework that is very popular among the local web development scene.<\/p>\n<p>All attacks started after Chinese cyber-security firm VulnSpy posted a <a href=\"https:\/\/www.exploit-db.com\/exploits\/45978\" target=\"_blank\" rel=\"noopener noreferrer\">proof-of-concept exploit<\/a> for ThinkPHP on ExploitDB, a website popular for hosting free exploit code.<\/p>\n<p>The proof-of-concept code exploits a vulnerability in the framework&#8217;s invokeFunction method to execute malicious code on the underlying server. The vulnerability is remotely exploitable, as most vulnerabilities in web-based apps tend to be, and can allow an attacker to gain control over the server.<\/p>\n<h3>Attacks started within a day<\/h3>\n<p>&#8220;The PoC was published on December 11, and we saw internet-wide scans less than 24 hours later,&#8221; <a href=\"https:\/\/twitter.com\/bad_packets\/\" target=\"_blank\" rel=\"noopener noreferrer\">Troy Mursch<\/a>, co-founder of Bad Packets LLC told <em>ZDNet<\/em> today.<\/p>\n<p>Four other security firms &#8212;<a href=\"https:\/\/twitter.com\/F5Labs\/status\/1073006297078030336\/\" target=\"_blank\" rel=\"noopener noreferrer\">F5 Labs<\/a>, <a href=\"https:\/\/twitter.com\/GreyNoiseIO\/status\/1075813860542726145?s=09\" target=\"_blank\" rel=\"noopener noreferrer\">GreyNoise<\/a>, <a href=\"https:\/\/twitter.com\/ankit_anubhav\/status\/1073540013558824960\" target=\"_blank\" rel=\"noopener noreferrer\">NewSky Security<\/a>, and <a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/with-mirai-comes-miori-iot-botnet-delivered-via-thinkphp-remote-code-execution-exploit\/\" target=\"_blank\" rel=\"noopener noreferrer\">Trend Micro<\/a>&#8212; have also reported similar scans, which have grown in intensity in the following days.<\/p>\n<p>The number of organized threat groups exploiting the new ThinkPHP vulnerability has also grown as well. There are now the original attackers, another group that security experts named &#8220;D3c3mb3r,&#8221; and a group that&#8217;s using the ThinkPHP vulnerability to infect servers with the Miori IoT malware.<\/p>\n<section class=\"sharethrough-top\" data-component=\"medusaContentRecommendation\" data-medusa-content-recommendation-options=\"{&quot;promo&quot;:&quot;promo_ZD_recommendation_sharethrough_top_in_article_desktop&quot;,&quot;spot&quot;:&quot;dfp-in-article&quot;}\">\n<\/section>\n<p>This last group, detected by Trend Micro, also suggests that the ThinkPHP framework might have been used to build control panels of some home routers and IoT devices, as Miori wouldn&#8217;t be able to function properly on actual Linux servers.<\/p>\n<p>Furthermore, NewSky Security has also detected a fourth group scanning for ThinkPHP-based sites and attempting to run Microsoft Powershell commands.<\/p>\n<p>&#8220;The Powershell one is bizarre,&#8221; <a href=\"https:\/\/twitter.com\/ankit_anubhav\/\" target=\"_blank\" rel=\"noopener noreferrer\">Ankit Anubhav<\/a>, Principal Security Researcher for NewSky Security told <em>ZDNet<\/em>. &#8220;They actually have some code that checks for OS type and runs different exploit code for Linux, but they also run Powershell just to try their luck.&#8221;<\/p>\n<p>But the biggest of all groups exploiting this ThinkPHP vulnerability is the group they call D3c3mb3r. This group isn&#8217;t particularly focused on ThinkPHP sites only. This group scans for everything PHP.<\/p>\n<p>&#8220;They are very loud on PHP,&#8221; Anubhav told us. &#8220;Mostly looking for web servers and not IoT devices.&#8221;<\/p>\n<p>But this group, for now, isn&#8217;t doing anything special. They don&#8217;t infect servers with cryptocurrency miners or any malware. They simply scan for vulnerable hosts, run a basic &#8220;echo hello d3c3mb3r&#8221; command, and that&#8217;s it.<\/p>\n<p>&#8220;I am not sure about their motive,&#8221; Anubhav said.<\/p>\n<h3>Over 45,000 vulnerable hosts<\/h3>\n<p>According to a <a href=\"https:\/\/www.shodan.io\/search?query=thinkphp\" target=\"_blank\" rel=\"noopener noreferrer\">Shodan search<\/a>, there are currently over 45,800 servers running a ThinkPHP-based web app that are reachable online. Over 40,000 of these are hosted on Chinese IP addresses, which makes sense since ThinkPHP&#8217;s documentation is only available in Chinese, and most likely not used outside the country.<\/p>\n<p>This also explains why most of the attackers looking for ThinkPHP sites are also mostly Chinese.<\/p>\n<p>&#8220;So far the only hosts we&#8217;ve seen scanning for ThinkPHP installations have come from China or Russia,&#8221; Mursch told <em>ZDNet<\/em> after consulting data in regards to the origin of most these scans.<\/p>\n<p>But you don&#8217;t need to be Chinese to exploit a vulnerability in Chinese software. As more threat groups will learn about this new easy way to hack into web servers, attacks on Chinese sites will intensify.<\/p>\n<p><em>F5 Labs has also published a technical analysis of the ThinkPHP vulnerability and how the exploit code works, <a href=\"https:\/\/devcentral.f5.com\/articles\/thinkphp-5x-remote-code-execution-vulnerability-32902\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a>.<\/em><\/p>\n<h3>More cybersecurity coverage:<\/h3>\n<p>READ MORE <a href=\"https:\/\/www.zdnet.com\/article\/chinese-websites-have-been-under-attack-for-a-week-via-a-new-php-framework-bug\/#ftag=RSSbaffb68\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>PoC for ThinkPHP security flaw sparks furious scans for vulnerable sites, most of which are based in China.<br \/>\nREAD MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":23168,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[62],"tags":[],"class_list":["post-23167","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-zdnet-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.7 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Chinese websites have been under attack for a week via a new PHP framework bug 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/chinese-websites-have-been-under-attack-for-a-week-via-a-new-php-framework-bug\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Chinese websites have been under attack for a week via a new PHP framework bug 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/chinese-websites-have-been-under-attack-for-a-week-via-a-new-php-framework-bug\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2018-12-21T20:16:01+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/12\/chinese-websites-have-been-under-attack-for-a-week-via-a-new-php-framework-bug.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"405\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinese-websites-have-been-under-attack-for-a-week-via-a-new-php-framework-bug\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinese-websites-have-been-under-attack-for-a-week-via-a-new-php-framework-bug\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Chinese websites have been under attack for a week via a new PHP framework bug\",\"datePublished\":\"2018-12-21T20:16:01+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinese-websites-have-been-under-attack-for-a-week-via-a-new-php-framework-bug\\\/\"},\"wordCount\":604,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinese-websites-have-been-under-attack-for-a-week-via-a-new-php-framework-bug\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/12\\\/chinese-websites-have-been-under-attack-for-a-week-via-a-new-php-framework-bug.png\",\"articleSection\":[\"ZDNet | Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinese-websites-have-been-under-attack-for-a-week-via-a-new-php-framework-bug\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinese-websites-have-been-under-attack-for-a-week-via-a-new-php-framework-bug\\\/\",\"name\":\"Chinese websites have been under attack for a week via a new PHP framework bug 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinese-websites-have-been-under-attack-for-a-week-via-a-new-php-framework-bug\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinese-websites-have-been-under-attack-for-a-week-via-a-new-php-framework-bug\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/12\\\/chinese-websites-have-been-under-attack-for-a-week-via-a-new-php-framework-bug.png\",\"datePublished\":\"2018-12-21T20:16:01+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinese-websites-have-been-under-attack-for-a-week-via-a-new-php-framework-bug\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinese-websites-have-been-under-attack-for-a-week-via-a-new-php-framework-bug\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinese-websites-have-been-under-attack-for-a-week-via-a-new-php-framework-bug\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/12\\\/chinese-websites-have-been-under-attack-for-a-week-via-a-new-php-framework-bug.png\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/12\\\/chinese-websites-have-been-under-attack-for-a-week-via-a-new-php-framework-bug.png\",\"width\":1000,\"height\":405},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinese-websites-have-been-under-attack-for-a-week-via-a-new-php-framework-bug\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Chinese websites have been under attack for a week via a new PHP framework bug\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Chinese websites have been under attack for a week via a new PHP framework bug 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/chinese-websites-have-been-under-attack-for-a-week-via-a-new-php-framework-bug\/","og_locale":"en_US","og_type":"article","og_title":"Chinese websites have been under attack for a week via a new PHP framework bug 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/chinese-websites-have-been-under-attack-for-a-week-via-a-new-php-framework-bug\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2018-12-21T20:16:01+00:00","og_image":[{"width":1000,"height":405,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/12\/chinese-websites-have-been-under-attack-for-a-week-via-a-new-php-framework-bug.png","type":"image\/png"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/chinese-websites-have-been-under-attack-for-a-week-via-a-new-php-framework-bug\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/chinese-websites-have-been-under-attack-for-a-week-via-a-new-php-framework-bug\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Chinese websites have been under attack for a week via a new PHP framework bug","datePublished":"2018-12-21T20:16:01+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/chinese-websites-have-been-under-attack-for-a-week-via-a-new-php-framework-bug\/"},"wordCount":604,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/chinese-websites-have-been-under-attack-for-a-week-via-a-new-php-framework-bug\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/12\/chinese-websites-have-been-under-attack-for-a-week-via-a-new-php-framework-bug.png","articleSection":["ZDNet | Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/chinese-websites-have-been-under-attack-for-a-week-via-a-new-php-framework-bug\/","url":"https:\/\/www.threatshub.org\/blog\/chinese-websites-have-been-under-attack-for-a-week-via-a-new-php-framework-bug\/","name":"Chinese websites have been under attack for a week via a new PHP framework bug 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/chinese-websites-have-been-under-attack-for-a-week-via-a-new-php-framework-bug\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/chinese-websites-have-been-under-attack-for-a-week-via-a-new-php-framework-bug\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/12\/chinese-websites-have-been-under-attack-for-a-week-via-a-new-php-framework-bug.png","datePublished":"2018-12-21T20:16:01+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/chinese-websites-have-been-under-attack-for-a-week-via-a-new-php-framework-bug\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/chinese-websites-have-been-under-attack-for-a-week-via-a-new-php-framework-bug\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/chinese-websites-have-been-under-attack-for-a-week-via-a-new-php-framework-bug\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/12\/chinese-websites-have-been-under-attack-for-a-week-via-a-new-php-framework-bug.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/12\/chinese-websites-have-been-under-attack-for-a-week-via-a-new-php-framework-bug.png","width":1000,"height":405},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/chinese-websites-have-been-under-attack-for-a-week-via-a-new-php-framework-bug\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Chinese websites have been under attack for a week via a new PHP framework bug"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/23167","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=23167"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/23167\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/23168"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=23167"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=23167"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=23167"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}