The new Spring4Shell vulnerability has been exploited by the Mirai botnet.
Two critical vulnerabilities have been patched recently in the popular Java application framework Spring: CVE-2022-22965 and CVE-2022-22963.
Both flaws can be used for remote code execution (RCE), and both appear to have been exploited by malicious actors, with attacks reportedly starting before Spring developers made patches available.
Exploitation attempts are designed to deliver a web shell that can allow the attacker to gain further access into the targeted organization’s environment. But it appears that a botnet powered by the notorious Mirai malware has also been exploiting Spring4Shell.
Qihoo 360 was the first to report Spring4Shell exploitation by Mirai, on April 1. Trend Micro on Friday confirmed those reports, explaining that CVE-2022-22965 has been leveraged to download the Mirai malware.
The Mirai sample is downloaded to the ‘/tmp’ folder and executed after its permissions are changed with ‘chmod’ to make it executable. Mirai botnet operators are often quick to add newly disclosed vulnerabilities to their exploit arsenal. The botnet was also recently spotted exploiting the Log4Shell vulnerability.
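For defenders, the chmod-then-execute sequence in ‘/tmp’ described above can be hunted for in process-execution telemetry. The following is an added example, not code from the article or from the vendors it cites; the `epoch|parent|command line` event format, the sample events, the function names and the 300-second window are all assumptions made for illustration.

```python
import re
import shlex

WATCH_DIR = "/tmp/"
WINDOW_SECONDS = 300  # assumed correlation window; tune to your environment

# Constructed events (not from the article): "epoch_seconds|parent|command line"
SAMPLE_EVENTS = """\
1649000000|java|ls -la /tmp
1649000002|java|chmod 777 /tmp/sample.bin
1649000003|java|/tmp/sample.bin
1649000100|bash|chmod 644 /tmp/report.txt
1649000200|cron|chmod +x /tmp/job.sh
1649009999|cron|/tmp/job.sh
"""

def grants_exec(mode):
    """True if a chmod mode argument (octal or symbolic) sets an execute bit."""
    if re.fullmatch(r"[0-7]{3,4}", mode):
        return bool(int(mode, 8) & 0o111)
    return bool(re.search(r"[+=][rwXst]*x", mode))

def find_chmod_then_exec(log_text):
    """Alert when a file under /tmp is made executable and run soon after."""
    made_exec = {}  # path -> time it was made executable
    alerts = []
    for line in log_text.splitlines():
        parts = line.split("|", 2)
        if len(parts) != 3:
            continue  # skip malformed lines
        ts, parent, argv = int(parts[0]), parts[1], shlex.split(parts[2])
        if not argv:
            continue
        if argv[0].rsplit("/", 1)[-1] == "chmod":
            args = [a for a in argv[1:] if not a.startswith("-")]
            if args and grants_exec(args[0]):
                for path in args[1:]:
                    if path.startswith(WATCH_DIR):
                        made_exec[path] = ts
        elif argv[0] in made_exec and ts - made_exec[argv[0]] <= WINDOW_SECONDS:
            alerts.append({"path": argv[0], "parent": parent,
                           "seconds_after_chmod": ts - made_exec[argv[0]]})
    return alerts

if __name__ == "__main__":
    for alert in find_chmod_then_exec(SAMPLE_EVENTS):
        print(alert)
```

The sketch matches absolute paths only; real telemetry such as audit or EDR exec events also needs working-directory resolution for relative invocations.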