Security News > 2023 > November > HelloKitty ransomware now exploiting Apache ActiveMQ flaw in attacks
The HelloKitty ransomware operation is exploiting a recently disclosed Apache ActiveMQ remote code execution flaw to breach networks and encrypt devices.
Yesterday, Rapid7 reported that they had seen at least two distinct cases of threat actors exploiting CVE-2023-46604 in customer environments to deploy HelloKitty ransomware binaries and extort the targeted organizations.
HelloKitty is a ransomware operation that launched in November 2020 and recently had its source code leaked on a Russian-speaking cybercrime forums making it available to anyone.
The Rapid7 report contains information about the latest HelloKitty indicators of compromise, but more comprehensive data on that front can be found in this FBI report focused on the ransomware family.
3,000 Apache ActiveMQ servers vulnerable to RCE attacks exposed online.
Ransomware gangs now exploiting critical TeamCity RCE flaw.
News URL
Related news
- Southern Water says Black Basta ransomware attack cost £4.5M in expenses (source)
- Qilin ransomware claims attack at Lee Enterprises, leaks stolen data (source)
- Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks (source)
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- Hunters International ransomware claims attack on Tata Technologies (source)
- Toronto Zoo shares update on last year's ransomware attack (source)
- Ransomware gang creates tool to automate VPN brute-force attacks (source)
- SANS Institute Warns of Novel Cloud-Native Ransomware Attacks (source)
- ⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More (source)
- Critical RCE flaw in Apache Tomcat actively exploited in attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-27 | CVE-2023-46604 | The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. | 9.8 |