Security researchers have confirmed that ransomware criminals are capitalizing on a maximum-severity vulnerability in Apache ActiveMQ. Announced on October 25 and tracked as CVE-2023-46604, the insecure deserialization vulnerability allows for remote code execution on affected versions.
"Apache ActiveMQ is vulnerable to remote code execution," Apache said in its advisory.
"Based on the ransom note and available evidence, we attribute the activity to the HelloKitty ransomware family, whose source code was leaked on a forum in early October," Rapid7 said.
There remains a possibility that a lone attacker used the group's 2020 variant, whose source code was leaked last month, in the attacks.
The experts assessed the attempts to deploy ransomware as "clumsy," indicating that a potentially low-skill individual was behind the attacks. Rapid7 said more than half a dozen attempts to encrypt files were made, all of which were unsuccessful.
Internet security non-profit Shadowserver started tracking vulnerable Apache ActiveMQ services on October 30 and found that almost half of all reachable services were vulnerable to CVE-2023-46604.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/11/02/apache_activemq_vulnerability/
Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-27 | CVE-2023-46604 | Deserialization of Untrusted Data vulnerability in multiple products. The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. | 9.8 |