
Exploitation Of Apache ActiveMQ Vulnerability Continues

The Apache ActiveMQ vulnerability (CVE-2023-46604) has previously been associated with various threat streams, including ransomware deployment (HelloKitty and LockBit), botnets like Kinsing and Ddostf, and the Lazarus APT. According to a Fortinet report, it is now being actively exploited by three additional threats:

  • GoTitan botnet, designed for carrying out DDoS attacks.

  • PrCtrl RAT, a trojanized backdoor.

  • Sliver, a framework for penetration testing that has been frequently misused. It is often employed as an alternative to the more widely known Cobalt Strike.

Clipeus recommends referring to previous reports for full context and also encourages reviewing the Ransomware Watch page, which identifies this vulnerability as one of the primary vectors for ransomware attacks at the moment.


If you are interested in specifics or additional insights on the threats above or any other threat, please visit our dedicated service page or reach out to info@clipeusintelligence.com with your inquiry. We would be glad to assist you.
