Hackers actively exploiting Openfire flaw to encrypt servers

Hackers are actively exploiting a high-severity vulnerability in Openfire messaging servers to encrypt servers with ransomware and deploy cryptominers.
Although Openfire fixed the issue with versions 4.6.8, 4.7.5, and 4.8.0, released in May 2023, VulnCheck reported that by mid-August 2023, over 3,000 Openfire servers were still running a vulnerable version.
BleepingComputer has found multiple reports from customers saying their Openfire servers were encrypted with ransomware, with one stating that the files were encrypted with the.
BleepingComputer is aware of Openfire servers encrypted by this ransomware in June.
The threat actor does not appear to target Openfire servers exclusively, but any vulnerable web server.
Over 3,000 Openfire servers vulnerable to takeover attacks.