Update: TellYouThePass Ransomware Joins Apache ActiveMQ RCE Attacks
Apache ActiveMQ servers exposed on the internet are being targeted in ransomware attacks that exploit a critical remote code execution vulnerability, CVE-2023-46604, which lets attackers run arbitrary shell commands on a vulnerable server. Apache released a security update on October 27, but threat actors had already been exploiting the flaw as a zero-day, deploying SparkRAT malware since at least October 10. Over 4,770 servers currently remain vulnerable. Cybersecurity companies have observed ransomware gangs using the vulnerability to deploy HelloKitty ransomware, and researchers have also found evidence of TellYouThePass ransomware being pushed in attacks targeting Linux systems. Administrators should patch all vulnerable systems immediately by upgrading to the latest ActiveMQ versions.