Security company: "Agwl" gang downloads and launches "Eternal Blue" vulnerability attacks from intruded servers, then implants a mining Trojan

Tencent Yushen Threat Intelligence Center issued a report saying that the Guardian Threat Intelligence Center recently detected that the "Agwl" gang has launched another attack on phpStudy website servers. In this "upgraded" attack, the hacked server downloads and launches an "Eternal Blue" vulnerability attack and an SQL brute-force attack. If the brute-force attack succeeds, the Trojan http[:]//down.us-hack.ru/wk.exe is downloaded and implanted via cmd_shell. The gang also attacks the Solr vulnerability (CVE-2019-0193); the three attacks are used to further spread the virus. The attack by the "Agwl" gang has affected more than 10,000 servers, with Beijing, Guangdong and Zhejiang severely affected.