Key Points

  1. Only a few days after the ThinkPHP vulnerability was discovered, it is already being exploited on the Internet.
  2. Almost 46,000 servers, most of which are located in China, are potential targets for this exploit.
  3. Multiple campaigns have been launched simultaneously by different threat actors, which might suggest the infection potential.
  4. Campaigns vary from reconnaissance and uploading of back doors to deploying a variant of the Mirai IoT malware.

https://www.f5.com/labs/articles/threat-intelligence/threat-actors-rapidly-adopt-new-thinkphp-rce-exploit-to-spread-i