{"id":47947,"date":"2026-05-13T15:53:33","date_gmt":"2026-05-13T08:53:33","guid":{"rendered":"https:\/\/antoanthongtinhaiphong.gov.vn\/?p=47947"},"modified":"2026-05-29T15:54:22","modified_gmt":"2026-05-29T08:54:22","slug":"chien-dich-tan-cong-cpanel-leo-thang-xuat-hien-nhom-apt-khai-thac-sau-cve-2026-41940","status":"publish","type":"post","link":"https:\/\/antoanthongtinhaiphong.gov.vn\/chien-dich-tan-cong-cpanel-leo-thang-xuat-hien-nhom-apt-khai-thac-sau-cve-2026-41940\/","title":{"rendered":"Chi\u1ebfn d\u1ecbch t\u1ea5n c\u00f4ng cPanel leo thang, xu\u1ea5t hi\u1ec7n nh\u00f3m APT khai th\u00e1c s\u00e2u CVE-2026-41940"},"content":{"rendered":"<div><b>Cu\u1ed1i th\u00e1ng 4\/2026, WhiteHat \u0111\u00e3 c\u1ea3nh b\u00e1o v\u1ec1 l\u1ed7 h\u1ed5ng nghi\u00eam tr\u1ecdng CVE-2026-41940 tr\u00ean cPanel\/WHM. Th\u1eddi \u0111i\u1ec3m \u0111\u00f3, v\u1ea5n \u0111\u1ec1 ch\u1ee7 y\u1ebfu \u0111\u01b0\u1ee3c nh\u00ecn nh\u1eadn nh\u01b0 m\u1ed9t l\u1ed7 h\u1ed5ng nguy hi\u1ec3m c\u00f3 kh\u1ea3 n\u0103ng b\u1ecb khai th\u00e1c r\u1ed9ng r\u00e3i. Tuy nhi\u00ean, d\u1eef li\u1ec7u sau \u0111\u00f3 cho th\u1ea5y t\u00ecnh h\u00ecnh nghi\u00eam tr\u1ecdng h\u01a1n nhi\u1ec1u.<\/b><\/p>\n<p>L\u1ed7 h\u1ed5ng n\u00e0y th\u1ef1c t\u1ebf \u0111\u00e3 b\u1ecb khai th\u00e1c t\u1eeb th\u00e1ng 2\/2026 d\u01b0\u1edbi d\u1ea1ng zero-day tr\u01b0\u1edbc khi th\u00f4ng tin \u0111\u01b0\u1ee3c c\u00f4ng b\u1ed1. Khi m\u00e3 khai th\u00e1c (PoC) b\u1ecb ph\u00e1t t\u00e1n c\u00f4ng khai, c\u00e1c chi\u1ebfn d\u1ecbch qu\u00e9t v\u00e0 t\u1ea5n c\u00f4ng t\u1ef1 \u0111\u1ed9ng nhanh ch\u00f3ng b\u00f9ng n\u1ed5, \u1ea3nh h\u01b0\u1edfng t\u1edbi h\u00e0ng ch\u1ee5c ngh\u00ecn h\u1ec7 th\u1ed1ng tr\u00ean to\u00e0n c\u1ea7u.<\/p>\n<p>V\u1ea5n \u0111\u1ec1 n\u1eb1m \u1edf vi\u1ec7c l\u1ed7 h\u1ed5ng cho ph\u00e9p b\u1ecf qua x\u00e1c th\u1ef1c v\u00e0 chi\u1ebfm quy\u1ec1n root, \u0111\u1ed3ng ngh\u0129a v\u1edbi vi\u1ec7c k\u1ebb t\u1ea5n c\u00f4ng c\u00f3 th\u1ec3 ki\u1ec3m so\u00e1t ho\u00e0n to\u00e0n m\u00e1y ch\u1ee7 hosting.<br \/>\n\u200b<\/p><\/div>\n<div>\n<div class=\"bbImageWrapper  js-lbImage\" title=\"1778581285984.png\" data-src=\"https:\/\/whitehat.vn\/attachments\/1778581285984-png.19005\/\" data-lb-sidebar-href=\"\" data-lb-caption-extra-html=\"\" data-single-image=\"1\"><img loading=\"lazy\" decoding=\"async\" class=\"bbImage\" title=\"1778581285984.png\" src=\"https:\/\/whitehat.vn\/attachments\/1778581285984-png.19005\/\" alt=\"1778581285984.png\" width=\"806\" height=\"419\" data-url=\"\" data-zoom-target=\"1\" \/><\/div>\n<\/div>\n<div><b>Xu\u1ea5t hi\u1ec7n t\u1ea5n c\u00f4ng c\u00f3 t\u1ed5 ch\u1ee9c<\/b>\u200b<\/div>\n<div>N\u1ebfu giai \u0111o\u1ea1n \u0111\u1ea7u ch\u1ee7 y\u1ebfu l\u00e0 khai th\u00e1c di\u1ec7n r\u1ed9ng mang t\u00ednh c\u01a1 h\u1ed9i, th\u00ec c\u00e1c th\u00f4ng tin m\u1edbi cho th\u1ea5y chi\u1ebfn d\u1ecbch \u0111\u00e3 b\u01b0\u1edbc sang m\u1ed9t c\u1ea5p \u0111\u1ed9 kh\u00e1c.<\/p>\n<p>C\u1ee5 th\u1ec3, s\u1ef1 xu\u1ea5t hi\u1ec7n c\u1ee7a nh\u00f3m tin t\u1eb7c Mr_Rot13 cho th\u1ea5y d\u1ea5u hi\u1ec7u c\u1ee7a m\u1ed9t chi\u1ebfn d\u1ecbch c\u00f3 t\u1ed5 ch\u1ee9c v\u00e0 m\u1ee5c ti\u00eau r\u00f5 r\u00e0ng. Nh\u00f3m n\u00e0y kh\u00f4ng ch\u1ec9 khai th\u00e1c l\u1ed7 h\u1ed5ng \u0111\u1ec3 x\u00e2m nh\u1eadp, m\u00e0 c\u00f2n tri\u1ec3n khai h\u00e0ng lo\u1ea1t k\u1ef9 thu\u1eadt nh\u1eb1m duy tr\u00ec quy\u1ec1n truy c\u1eadp l\u00e2u d\u00e0i. Ch\u00fang c\u00e0i \u0111\u1eb7t SSH key tr\u00e1i ph\u00e9p, s\u1eed d\u1ee5ng webshell l\u00e0m k\u00eanh d\u1ef1 ph\u00f2ng, \u0111\u1ed3ng th\u1eddi ch\u1ec9nh s\u1eeda giao di\u1ec7n \u0111\u0103ng nh\u1eadp \u0111\u1ec3 \u00e2m th\u1ea7m thu th\u1eadp th\u00f4ng tin t\u00e0i kho\u1ea3n qu\u1ea3n tr\u1ecb.<\/p>\n<p>B\u00ean c\u1ea1nh \u0111\u00f3, c\u00e1c backdoor \u0111a n\u1ec1n t\u1ea3ng \u0111\u01b0\u1ee3c c\u00e0i \u0111\u1eb7t cho ph\u00e9p \u0111i\u1ec1u khi\u1ec3n h\u1ec7 th\u1ed1ng t\u1eeb xa m\u1ed9t c\u00e1ch linh ho\u1ea1t. Ho\u1ea1t \u0111\u1ed9ng t\u1ea5n c\u00f4ng c\u0169ng \u0111\u01b0\u1ee3c t\u1ef1 \u0111\u1ed9ng h\u00f3a \u1edf quy m\u00f4 l\u1edbn, v\u1edbi h\u00e0ng ngh\u00ecn \u0111\u1ecba ch\u1ec9 IP tham gia tr\u00ean to\u00e0n c\u1ea7u.<br \/>\n\u200b<\/p><\/div>\n<div>\n<div class=\"bbImageWrapper  js-lbImage\" title=\"1778581302172.png\" data-src=\"https:\/\/whitehat.vn\/attachments\/1778581302172-png.19006\/\" data-lb-sidebar-href=\"\" data-lb-caption-extra-html=\"\" data-single-image=\"1\" data-fancybox=\"lb-thread-19555\" data-caption=\"&lt;h4&gt;1778581302172.png&lt;\/h4&gt;&lt;p&gt;&lt;a href=&quot;https:&amp;#x2F;&amp;#x2F;whitehat.vn&amp;#x2F;threads&amp;#x2F;chien-dich-tan-cong-cpanel-leo-thang-xuat-hien-nhom-apt-khai-thac-sau-cve-2026-41940.19555&amp;#x2F;#post-45119&quot; class=&quot;js-lightboxCloser&quot;&gt;WhiteHat Team \u00b7 12&amp;#x2F;05&amp;#x2F;2026 l\u00fac 5:23 PM&lt;\/a&gt;&lt;\/p&gt;\"><img loading=\"lazy\" decoding=\"async\" class=\"bbImage\" title=\"1778581302172.png\" src=\"https:\/\/whitehat.vn\/attachments\/1778581302172-png.19006\/\" alt=\"1778581302172.png\" width=\"1536\" height=\"717\" data-url=\"\" data-zoom-target=\"1\" \/><\/div>\n<p><i>M\u00e3 JavaScript \u0111\u01b0\u1ee3c ch\u00e8n v\u00e0o (\u1ea2nh: xlab)<\/i>\u200b<\/div>\n<div>T\u1eeb t\u1ea5n c\u00f4ng di\u1ec7n r\u1ed9ng \u0111\u1ebfn x\u00e2m nh\u1eadp c\u00f3 ch\u1ee7 \u0111\u00edch\u200b<\/div>\n<div>\u0110\u00e1ng lo nh\u1ea5t l\u00e0 s\u1ef1 thay \u0111\u1ed5i v\u1ec1 m\u1ee5c ti\u00eau. N\u1ebfu tr\u01b0\u1edbc \u0111\u00e2y c\u00e1c chi\u1ebfn d\u1ecbch ch\u1ee7 y\u1ebfu nh\u1eb1m ph\u00e1t t\u00e1n botnet ho\u1eb7c ransomware, th\u00ec hi\u1ec7n t\u1ea1i \u0111\u00e3 ghi nh\u1eadn c\u00e1c v\u1ee5 x\u00e2m nh\u1eadp v\u00e0o h\u1ec7 th\u1ed1ng nh\u1ea1y c\u1ea3m t\u1ea1i \u0110\u00f4ng Nam \u00c1, k\u00e8m theo ho\u1ea1t \u0111\u1ed9ng \u0111\u00e1nh c\u1eafp d\u1eef li\u1ec7u quy m\u00f4 l\u1edbn.<\/p>\n<p>\u0110i\u1ec1u n\u00e0y cho th\u1ea5y tin t\u1eb7c kh\u00f4ng c\u00f2n d\u1eebng \u1edf ph\u00e1 ho\u1ea1i hay ki\u1ebfm l\u1ee3i ng\u1eafn h\u1ea1n, m\u00e0 \u0111ang chuy\u1ec3n sang duy tr\u00ec truy c\u1eadp, theo d\u00f5i v\u00e0 khai th\u00e1c d\u1eef li\u1ec7u d\u00e0i h\u1ea1n. \u0110\u00e2y l\u00e0 \u0111\u1eb7c tr\u01b0ng \u0111i\u1ec3n h\u00ecnh c\u1ee7a c\u00e1c chi\u1ebfn d\u1ecbch APT ho\u1eb7c gi\u00e1n \u0111i\u1ec7p m\u1ea1ng.<br \/>\n\u200b<\/p><\/div>\n<div>\n<div class=\"bbImageWrapper  js-lbImage\" title=\"1778581338855.png\" data-src=\"https:\/\/whitehat.vn\/attachments\/1778581338855-png.19007\/\" data-lb-sidebar-href=\"\" data-lb-caption-extra-html=\"\" data-single-image=\"1\"><img loading=\"lazy\" decoding=\"async\" class=\"bbImage\" title=\"1778581338855.png\" src=\"https:\/\/whitehat.vn\/attachments\/1778581338855-png.19007\/\" alt=\"1778581338855.png\" width=\"715\" height=\"280\" data-url=\"\" data-zoom-target=\"1\" \/><\/div>\n<p><i>Qu\u1ea3n l\u00fd t\u1eeb xa c\u00e1c h\u1ec7 th\u1ed1ng b\u1ecb x\u00e2m nh\u1eadp th\u00f4ng qua trang web (\u1ea2nh: Xlab)<\/i>\u200b<\/div>\n<div>\nM\u1eb7c d\u00f9 cPanel \u0111\u00e3 ph\u00e1t h\u00e0nh b\u1ea3n v\u00e1 cho CVE-2026-41940 v\u00e0 nhi\u1ec1u h\u1ec7 th\u1ed1ng \u0111\u00e3 c\u1eadp nh\u1eadt, r\u1ee7i ro v\u1eabn c\u00f2n hi\u1ec7n h\u1eefu do kh\u00f4ng \u00edt m\u00e1y ch\u1ee7 c\u00f3 th\u1ec3 \u0111\u00e3 b\u1ecb x\u00e2m nh\u1eadp tr\u01b0\u1edbc \u0111\u00f3. V\u00ec v\u1eady, \u201c\u0111\u00e3 v\u00e1\u201d kh\u00f4ng \u0111\u1ed3ng ngh\u0129a v\u1edbi \u201c\u0111\u00e3 an to\u00e0n\u201d, khi tin t\u1eb7c c\u00f3 th\u1ec3 \u0111\u00e3 c\u00e0i backdoor ho\u1eb7c SSH key tr\u00e1i ph\u00e9p \u0111\u1ec3 duy tr\u00ec truy c\u1eadp.<\/p>\n<p>L\u1ed7 h\u1ed5ng n\u00e0y hi\u1ec7n \u0111\u00e3 tr\u1edf th\u00e0nh m\u1ed9t ph\u1ea7n c\u1ee7a chi\u1ebfn d\u1ecbch t\u1ea5n c\u00f4ng nhi\u1ec1u giai \u0111o\u1ea1n tr\u00ean quy m\u00f4 to\u00e0n c\u1ea7u, nh\u1eafm tr\u1ef1c ti\u1ebfp v\u00e0o h\u1ea1 t\u1ea7ng hosting. V\u1edbi m\u1ee9c \u0111\u1ed9 ph\u1ed5 bi\u1ebfn c\u1ee7a cPanel, nguy c\u01a1 \u1ea3nh h\u01b0\u1edfng \u0111\u1ebfn website, email v\u00e0 d\u1eef li\u1ec7u doanh nghi\u1ec7p l\u00e0 r\u1ea5t l\u1edbn.<\/p>\n<p>\u0110\u00e1ng ch\u00fa \u00fd, \u0110\u00f4ng Nam \u00c1, bao g\u1ed3m Vi\u1ec7t Nam \u0111\u00e3 n\u1eb1m trong danh s\u00e1ch m\u1ee5c ti\u00eau. Do \u0111\u00f3, c\u00e1c t\u1ed5 ch\u1ee9c c\u1ea7n coi \u0111\u00e2y l\u00e0 s\u1ef1 c\u1ed1 \u0111ang di\u1ec5n ra, ch\u1ee7 \u0111\u1ed9ng ki\u1ec3m tra log, r\u00e0 so\u00e1t truy c\u1eadp b\u1ea5t th\u01b0\u1eddng v\u00e0 thay \u0111\u1ed5i to\u00e0n b\u1ed9 th\u00f4ng tin x\u00e1c th\u1ef1c n\u1ebfu t\u1eebng ch\u1eadm v\u00e1.<\/p>\n<p>Tr\u1ecdng t\u00e2m hi\u1ec7n nay kh\u00f4ng ch\u1ec9 l\u00e0 c\u1eadp nh\u1eadt, m\u00e0 l\u00e0 x\u00e1c \u0111\u1ecbnh h\u1ec7 th\u1ed1ng \u0111\u00e3 b\u1ecb x\u00e2m nh\u1eadp hay ch\u01b0a.\u200b<\/p><\/div>\n<div style=\"text-align: right;\">\n<b><i>Theo Cyber Press<\/i><\/b><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Cu\u1ed1i th\u00e1ng 4\/2026, WhiteHat \u0111\u00e3 c\u1ea3nh b\u00e1o v\u1ec1 l\u1ed7 h\u1ed5ng nghi\u00eam tr\u1ecdng CVE-2026-41940 tr\u00ean cPanel\/WHM. Th\u1eddi \u0111i\u1ec3m \u0111\u00f3, v\u1ea5n \u0111\u1ec1 ch\u1ee7 y\u1ebfu \u0111\u01b0\u1ee3c nh\u00ecn nh\u1eadn nh\u01b0 m\u1ed9t l\u1ed7 h\u1ed5ng nguy hi\u1ec3m c\u00f3 kh\u1ea3 n\u0103ng b\u1ecb khai th\u00e1c r\u1ed9ng r\u00e3i. Tuy nhi\u00ean, d\u1eef li\u1ec7u sau \u0111\u00f3 cho th\u1ea5y t\u00ecnh h\u00ecnh nghi\u00eam tr\u1ecdng h\u01a1n nhi\u1ec1u. L\u1ed7 h\u1ed5ng [&hellip;]<\/p>\n","protected":false},"author":20,"featured_media":47948,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"tdm_status":"","tdm_grid_status":"","footnotes":""},"categories":[3,24,35],"tags":[],"class_list":["post-47947","post","type-post","status-publish","format-standard","has-post-thumbnail","category-canh-bao-khuyen-nghi","category-tin-noi-bat","category-tin-tuc-su-kien"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/47947","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/comments?post=47947"}],"version-history":[{"count":1,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/47947\/revisions"}],"predecessor-version":[{"id":47949,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/47947\/revisions\/47949"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/media\/47948"}],"wp:attachment":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/media?parent=47947"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/categories?post=47947"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/tags?post=47947"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}