Mauri Ransomware Threat Actors Exploiting Apache ActiveMQ Vulnerability (CVE-2023-46604)
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
Threat actors are exploiting CVE-2023-46604, a vulnerability in Apache ActiveMQ, to attack Korean systems, particularly with Mauri ransomware. The vulnerability allows remote code execution on unpatched servers. Attackers use XML configuration files to add backdoor accounts, install remote access tools such as Quasar RAT, and set up proxies using Frpc. The Mauri ransomware, which is based on open-source code, is found on the attacker's server with customized configurations. Although the attacks primarily target cryptocurrency mining, some cases involve system control and potential data theft. System administrators are urged to patch vulnerable Apache ActiveMQ versions and implement security measures to prevent attacks.
OPENCTI LABELS :
quasar rat,cve-2023-46604,mauri ransomware,apache activemq