Security News > 2023 > September > Hackers actively exploiting Openfire flaw to encrypt servers
Hackers are actively exploiting a high-severity vulnerability in Openfire messaging servers to encrypt servers with ransomware and deploy cryptominers.
Although Openfire fixed the issue with versions 4.6.8, 4.7.5, and 4.8.0, released in May 2023, VulnCheck reported that by mid-August 2023, over 3,000 Openfire servers were still running a vulnerable version.
BleepingComputer has found multiple reports from customers saying their Openfire servers were encrypted with ransomware, with one stating that the files were encrypted with the.
BleepingComputer is aware of Openfire servers encrypted by this ransomware in June.
The threat actor does not appear to solely target Openfire servers, but any vulnerable web server.
Over 3,000 Openfire servers vulnerable to takover attacks.
News URL
Related news
- Hackers exploit ProjectSend flaw to backdoor exposed servers (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Russia-Linked Turla Exploits Pakistani Hackers' Servers to Target Afghan and Indian Entities (source)
- APT29 Hackers Target High-Value Victims Using Rogue RDP Servers and PyRDP (source)