Reading time: ~35 min

Posted by Nicolas Bourras on 18 April 2025

Categories: Analysis, Craft cms, Incident response, Ioc, Malware, Php, Post-exploitation, Threat hunting, Yii, Iocs, Post exploitation

Introduction

In mid-February, Orange Cyberdefense’s CSIRT was tasked with investigating a server that had been hosting a now-unavailable website. The...