September 22, 2023

The new Spring4Shell vulnerability has been exploited by the Mirai botnet.

Two critical vulnerabilities have been patched recently in the popular Java application framework Spring: CVE-2022-22965 and CVE-2022-22963.

The flaws can be used for RCE and both appear to have been exploited by malicious actors, with attacks reportedly starting before patches were made available by Spring developers.

Exploitation attempts are designed to deliver a web shell that can allow the attacker to gain further access into the targeted organization’s environment. But it appears that a botnet powered by the notorious Mirai malware has also been exploiting Spring4Shell.

Advertisements

Qihoo 360 was the first to report Spring4Shell exploitation by Mirai, on April 1. Trend Micro on Friday confirmed those reports, explaining that CVE-2022-22965 has been leveraged to download the Mirai malware.

The Mirai sample is downloaded to the ‘/tmp’ folder and executed after permission change to make them executable using ‘chmod’. Mirai botnet operators are often quick to add newly disclosed vulnerabilities to their exploit arsenal. The botnet was also recently spotted exploiting the Log4Shell vulnerability.

Tags:

Leave a Reply

You may have missed

Apple fixes trio of Zeroday Exploits

September 22, 2023

T-Mobile and Data Breach tightly coupled

September 21, 2023

Cisco Acquires Splunk in a blockbuster deal

September 21, 2023

Atlassian BitBucket and Confluence Vulnerabilities

September 21, 2023

Snatch ransomware Dissection

September 21, 2023

Fortinet Fixes Vulnerabilities in FortiOS

September 20, 2023
%d bloggers like this: