Attackers exploit Spring4Shell flaw to let loose the Mirai botnet
There has been a land rush of sorts among threat groups trying to use the vulnerability discovered in the open-source Spring Framework last month, and now researchers at Trend Micro are saying it's being actively exploited to execute the Mirai botnet.
The Mirai malware is a long-running threat that has been around since 2016 and is used to pull smaller networked and Internet of Things devices such as IP cameras and routers into a botnet that can then be used in such campaigns as distributed denial-of-service and phishing attacks.
The Trend Micro researchers wrote in a post that they observed the bad actors weaponizing and executing the Mirai malware on vulnerable servers in the Singapore region via the Spring4Shell vulnerability, tracked as CVE-2022-22965.
Researchers with Qihoo 360 wrote in a blog post that a day after Spring issued its advisory, they saw an increase in attempts to exploit the flaw, with a Mirai variant winning "the race as the first botnet that adopted this vulnerability."
Analysts with Palo Alto Networks' Unit42 threat intelligence group wrote that they expect Spring4Shell to "become fully weaponized and abused on a larger scale," because the exploitation of the flaw is "straightforward and all the relevant technical details have already gone viral on the internet."
It's not surprising that the Linux-based malware is popular among threat actors looking to exploit Spring4Shell.
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-01 | CVE-2022-22965 | Code Injection vulnerability in multiple products. A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. | 9.8 |