Attackers are abusing Spring4Shell vulnerability to spread Mirai botnet malware

Miscreants have started abusing the recently discovered Spring4Shell vulnerability as a vector for the spread of the Mirai botnet.

Trend Micro researchers have noticed the active exploitation of Spring4Shell – a critical vulnerability in VMware’s Spring Framework’s Java-based Core module – to hack into unpatched devices before infecting them with the Mirai malware.

Exploitation began at the start of April in attacks focused on systems in Singapore, according to Trend Micro.

Abusing the Spring4Shell vulnerability (CVE-2022-22965) allows “threat actors to download the Mirai sample to the /tmp folder and execute them after permission change using chmod”, a blog post by Trend Micro explains.

The vulnerability can be used to trigger remote code execution in Spring Core applications under non-default circumstances. The security bug should not be confused with CVE-2022-22963 – a separate security vulnerability affecting the Spring Cloud Function.

Servers under attack

Spring4Shell affects Spring Framework versions before 5.2.20 and 5.3.18 when running on Java Development Kit (JDK) version 9 or higher. Apache Tomcat is also affected; it is the web server environment in which Trend Micro detected attacks against its clients’ systems.
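As an added example (not code from Trend Micro or The Daily Swig), the Python check below flags hosts that meet the version conditions stated above: a Spring Framework jar older than the fixed release, running on JDK 9 or higher. The inventory rows, host names and function names are constructed for illustration, and treating release lines older than 5.2 as "before 5.2.20" is an assumption.

```python
import re

# Fixed releases named in the article, keyed by release line.
FIXED = {(5, 3): (5, 3, 18), (5, 2): (5, 2, 20)}

def spring_version(jar_name):
    """Extract (major, minor, patch) from a name like spring-beans-5.3.17.jar."""
    m = re.search(r"spring-(?:beans|core|webmvc|webflux)-(\d+)\.(\d+)\.(\d+)", jar_name)
    return tuple(int(g) for g in m.groups()) if m else None

def jdk_major(version_string):
    """Map a java.version value to its major release.
    Legacy scheme: '1.8.0_312' -> 8. Current scheme: '11.0.14', '17', '9-ea'."""
    parts = re.findall(r"\d+", version_string)
    if not parts:
        raise ValueError(f"unrecognised JDK version: {version_string!r}")
    first = int(parts[0])
    return int(parts[1]) if first == 1 and len(parts) > 1 else first

def is_exposed(jar_name, java_version):
    """True when both version conditions hold: Spring older than the fix, JDK >= 9."""
    ver = spring_version(jar_name)
    if ver is None:
        return False  # not a Spring Framework jar this check recognises
    if jdk_major(java_version) < 9:
        return False
    fixed = FIXED.get(ver[:2])
    if fixed is not None:
        return ver < fixed
    # Assumption: release lines older than 5.2 count as "before 5.2.20".
    return ver < (5, 2, 20)

# Constructed inventory rows: (host, jar found in WEB-INF/lib, java.version)
INVENTORY = [
    ("app01", "spring-beans-5.3.17.jar", "11.0.14"),
    ("app02", "spring-beans-5.3.18.jar", "17.0.2"),
    ("app03", "spring-beans-5.2.19.RELEASE.jar", "1.8.0_312"),
    ("app04", "spring-core-5.2.19.RELEASE.jar", "9.0.4"),
    ("app05", "spring-webmvc-4.3.30.RELEASE.jar", "11.0.14"),
]

def exposed_hosts(inventory):
    return [host for host, jar, java in inventory if is_exposed(jar, java)]

if __name__ == "__main__":
    for host in exposed_hosts(INVENTORY):
        print(host, "needs a Spring Framework upgrade")
```

A match only means the version conditions are met; as the article notes, exploitation also depends on non-default circumstances in how the application is deployed.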

As previously reported, CVE-2022-22965 has also been identified in limited in-the-wild exploitation, spurring warnings from both the US Cybersecurity and Infrastructure Security Agency and Microsoft’s Threat Intelligence Team. Microsoft said that the threat had cropped up in attacks against its cloud-based services.

Mirai is a strain of malware that turns networking devices running Linux into drones in a botnet network. The malware first surfaced in August 2016 and primarily affected hardware devices such as IP cameras and home routers.

It rose to prominence because of its subsequent abuse in several high-profile attacks, including a hugely disruptive attack against DNS provider Dyn in October 2016.

The Daily Swig asked Trend Micro a series of questions about the exploitation of Spring4Shell to spread Mirai. No word back as yet, but we’ll update this story as and when we hear more.

Source: https://portswigger.net/daily-swig/attackers-are-abusing-spring4shell-vulnerability-to-spread-mirai-botnet-malware
