Hackers exploited a critical zero-day vulnerability in the KnowledgeDeliver learning management system to deploy the Godzilla web shell and execute code remotely. The root cause was a hardcoded machine key shared across multiple deployments. The exploitation involved a ViewState deserialization attack, leading to the injection of malicious scripts and the installation of a backdoor on affected systems.
The central lesson is that hardcoded ASP.NET machine keys in the KnowledgeDeliver LMS are what made the zero-day ViewState deserialization attacks possible. To mitigate such risks, it is critical to audit and replace standardized configuration files that contain hardcoded keys, and to ensure that unique encryption keys are deployed across all systems to prevent similar remote code execution vulnerabilities.
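One way to run the audit described above, as an added example that is not from the original report or the vendor: it reads the `web.config` of each deployment, flags `<machineKey>` values that are hardcoded rather than auto-generated, and reports keys that appear on more than one deployment. The deployment names, the `TEMPLATE` and `SAMPLE` data and the key values are constructed for illustration.

```python
import hashlib
import xml.etree.ElementTree as ET
from collections import defaultdict

KEY_ATTRS = ("validationKey", "decryptionKey")


def explicit_keys(web_config_xml):
    """Return {attribute: fingerprint} for hardcoded <machineKey> values."""
    found = {}
    for elem in ET.fromstring(web_config_xml).iter("machineKey"):
        for attr in KEY_ATTRS:
            value = elem.get(attr, "AutoGenerate").strip()
            # "AutoGenerate[,IsolateApps]" lets the runtime create its own key.
            if value.split(",")[0].strip().lower() == "autogenerate":
                continue
            # Hex is case-insensitive; report a fingerprint, never the key itself.
            digest = hashlib.sha256(value.upper().encode()).hexdigest()
            found[attr] = digest[:16]
    return found


def shared_keys(configs):
    """Map (attribute, fingerprint) -> deployments, for keys on 2+ deployments."""
    seen = defaultdict(set)
    for deployment, xml_text in configs.items():
        for attr, fingerprint in explicit_keys(xml_text).items():
            seen[(attr, fingerprint)].add(deployment)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}


# Constructed sample input: deployment names and key values are made up.
TEMPLATE = ('<configuration><system.web>'
            '<machineKey validationKey="{v}" decryptionKey="{d}" />'
            '</system.web></configuration>')
SAMPLE = {
    "site-a": TEMPLATE.format(v="A1B2C3D4E5F60718", d="0F1E2D3C4B5A6978"),
    "site-b": TEMPLATE.format(v="a1b2c3d4e5f60718", d="0F1E2D3C4B5A6978"),
    "site-c": TEMPLATE.format(v="9988776655443322", d="1122334455667788"),
    "site-d": TEMPLATE.format(v="AutoGenerate,IsolateApps", d="AutoGenerate"),
}

if __name__ == "__main__":
    for (attr, fingerprint), sites in shared_keys(SAMPLE).items():
        print(f"{attr} sha256:{fingerprint} shared by {', '.join(sites)}")
    for site, xml_text in SAMPLE.items():
        if explicit_keys(xml_text):
            print(f"{site}: hardcoded machineKey, rotate to a unique value")
```

A key that is hardcoded but unique to one deployment (`site-c` in the sample) is not reported as shared, yet it is still flagged for rotation if it originated from a distributed configuration file.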