Apache ActiveMQ Under Attack: Mustang Panda Exploits Old Vulnerability
Cybersecurity experts have warned of ongoing attacks exploiting a three-year-old vulnerability in Apache ActiveMQ, a popular open-source message broker software. The Mustang Panda hacker group has allegedly been using this flaw to deploy malware and ransomware, with a high risk of successful exploitation.
The vulnerability, identified as CVE-2023-46604, allows attackers to gain persistence on compromised systems. Attackers have been using defence-evasion techniques such as DLL sideloading, anti-analysis methods, and environment checks to avoid detection. Once access is gained, they deploy malicious software like Godzilla Webshell, Ransomhub, and DripDropper ransomware. In some cases, attackers have altered SSH settings to allow root logins, giving them full control of the system.
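The SSH change described above is easy to audit for. The following script is an added example, not code from the article or from any of the vendors it names: it parses an OpenSSH `sshd_config` the way sshd reads it (keywords are case-insensitive, the first occurrence of a keyword wins, and a `Match` line scopes everything after it) and reports settings that open a direct root login, plus duplicated directives that sshd ignores but that often betray a hand edit. The sample configuration is constructed; `Include` files are not followed, and the defaults assumed when a keyword is absent are OpenSSH's documented ones.

```python
"""Audit an OpenSSH sshd_config for settings that open root logins.

Added example; assumes sshd semantics: case-insensitive keywords, first
occurrence of a keyword wins, 'Match' scopes what follows it. 'Include'
files are not followed, so audit them separately.
"""
import re
import sys
from dataclasses import dataclass


@dataclass
class Finding:
    severity: str   # "high" or "info"
    keyword: str    # canonical keyword name
    value: str      # value as written in the file
    scope: str      # "global" or the Match condition
    line_no: int
    note: str


# Keywords we care about, mapped to their canonical spelling for reporting.
CANON = {
    "permitrootlogin": "PermitRootLogin",
    "passwordauthentication": "PasswordAuthentication",
}

# sshd accepts both 'Keyword value' and 'Keyword=value'.
_DIRECTIVE = re.compile(r"^(\S+?)(?:\s*=\s*|\s+)(.*)$")


def parse_sshd_config(text):
    """Yield (keyword_lower, value, scope, line_no) for every directive."""
    scope = "global"
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):   # blank lines and comments
            continue
        m = _DIRECTIVE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":
            scope = "Match " + value           # everything below is conditional
            continue
        yield key, value, scope, line_no


def audit_sshd_config(text):
    """Return (effective global PermitRootLogin, findings sorted by line).

    Absent keywords take OpenSSH's defaults: PermitRootLogin
    'prohibit-password' and PasswordAuthentication 'yes'.
    """
    effective = {}   # (scope, keyword) -> (value, line_no); first wins
    findings = []
    for key, value, scope, line_no in parse_sshd_config(text):
        if (scope, key) in effective:
            if key in CANON:
                findings.append(Finding("info", CANON[key], value, scope, line_no,
                                        "duplicate ignored by sshd; possible hand edit"))
            continue
        effective[(scope, key)] = (value, line_no)

    root_value, _ = effective.get(("global", "permitrootlogin"), ("prohibit-password", 0))
    pw_value, pw_line = effective.get(("global", "passwordauthentication"), ("yes", 0))

    for (scope, key), (value, line_no) in effective.items():
        if key == "permitrootlogin" and value.lower() == "yes":
            findings.append(Finding("high", "PermitRootLogin", value, scope, line_no,
                                    "root may log in directly"))
    if root_value.lower() == "yes" and pw_value.lower() == "yes":
        findings.append(Finding("high", "PasswordAuthentication", pw_value, "global", pw_line,
                                "root login by password is possible"))
    findings.sort(key=lambda f: f.line_no)
    return root_value.lower(), findings


# Constructed sample: a host where root login was switched on and the
# original restriction was re-added later (where sshd ignores it).
SAMPLE_CONFIG = """\
# constructed sample, not from a real host
Port 22
#PermitRootLogin prohibit-password
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin prohibit-password
Match Address 10.0.0.0/8
    PermitRootLogin no
"""

if __name__ == "__main__":
    # Usage: python audit_sshd.py [/etc/ssh/sshd_config]; defaults to the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONFIG
    root, found = audit_sshd_config(text)
    print(f"effective PermitRootLogin: {root}")
    for f in found:
        print(f"[{f.severity}] line {f.line_no} ({f.scope}): {f.keyword} {f.value} - {f.note}")
```

Run it against the live file on each broker host and keep the output alongside a known-good copy of the configuration; a duplicated `PermitRootLogin` or a sudden switch to `yes` is the kind of change worth alerting on.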
Red Canary, a cybersecurity firm, reports a 94% Exploit Prediction Scoring System (EPSS) score for this vulnerability. Recent exploitation attempts have been observed by Rapid7 and Trustwave researchers. In one instance, attackers used tools like Sliver and Cloudflare Tunnels to maintain long-term access to compromised systems.
Organizations using Apache ActiveMQ are urged to patch the vulnerability immediately to prevent further attacks. Regular system monitoring and up-to-date security measures are crucial to detect and mitigate potential threats. Further research is ongoing to understand the full extent and impact of these attacks.