Threat actors have begun leveraging the critical Apache ActiveMQ vulnerability, tracked as CVE-2023-46604, to facilitate the distribution of the Golang-based GoTitan botnet and PrCtrl Rat, a .NET program, as well as the Sliver, Kinsing, and Ddostf malware strains, Hackread reports.
Attacks exploiting CVE-2023-46604 to deploy the newly discovered GoTitan botnet used the OpenWire protocol to connect to the vulnerable ActiveMQ server, eventually prompting the retrieval of a malicious XML file to execute the botnet, a report from Fortinet's FortiGuard Labs revealed.
Once installed, GoTitan, which can launch distributed denial-of-service attacks using ten different techniques, replicates itself within the system and retrieves the command-and-control server's IP address so that it can transmit data about the compromised system, including memory and architecture details as well as CPU specifications, according to researchers.
Organizations with vulnerable ActiveMQ instances have been urged to immediately remediate the flaw.
Vulnerability Management, Patch/Configuration Management, Malware
Numerous malware spread in ongoing Apache ActiveMQ flaw exploitation