June 6, 2023

The new Spring4Shell vulnerability has been exploited by the Mirai botnet.

Two critical vulnerabilities have been patched recently in the popular Java application framework Spring: CVE-2022-22965 and CVE-2022-22963.

The flaws can be used for RCE and both appear to have been exploited by malicious actors, with attacks reportedly starting before patches were made available by Spring developers.

Exploitation attempts are designed to deliver a web shell that can allow the attacker to gain further access into the targeted organization’s environment. But it appears that a botnet powered by the notorious Mirai malware has also been exploiting Spring4Shell.

Advertisements

Qihoo 360 was the first to report Spring4Shell exploitation by Mirai, on April 1. Trend Micro on Friday confirmed those reports, explaining that CVE-2022-22965 has been leveraged to download the Mirai malware.

The Mirai sample is downloaded to the ‘/tmp’ folder and executed after permission change to make them executable using ‘chmod’. Mirai botnet operators are often quick to add newly disclosed vulnerabilities to their exploit arsenal. The botnet was also recently spotted exploiting the Log4Shell vulnerability.

Tags:

Leave a Reply

You may have missed

Google Fixes Third Chrome Zeroday

Google Fixes Third Chrome Zeroday

June 6, 2023
Moveit Attributed to Lace Tempest

Moveit Attributed to Lace Tempest

June 6, 2023
Byte Code Bites PYPI

Byte Code Bites PYPI

June 5, 2023
Enzo Biochem Suffers a Data Breach

Enzo Biochem Suffers a Data Breach

June 5, 2023
BlackSuit Ransomware Dissection

BlackSuit Ransomware Dissection

June 4, 2023
TheCyberThrone CyberSecurity Newsletter Top 5 Articles – May, 2023

TheCyberThrone CyberSecurity Newsletter Top 5 Articles – May, 2023

June 4, 2023
%d bloggers like this: