Attackers are abusing Spring4Shell vulnerability to spread Mirai botnet malware

Apr 12, 2022 | News


Miscreants have started abusing the recently discovered Spring4Shell vulnerability as a vector for the spread of the Mirai botnet.

Trend Micro researchers have observed active exploitation of Spring4Shell, a critical vulnerability in the Java-based Core module of VMware's Spring Framework, to compromise unpatched systems before infecting them with the Mirai malware.

Exploitation began at the start of April in attacks focused on systems in Singapore, according to Trend Micro.

Abusing the Spring4Shell vulnerability (CVE-2022-22965) allows “threat actors to download the Mirai sample to the /tmp folder and execute them after permission change using chmod”, a blog post by Trend Micro explains.

The vulnerability can be used to achieve remote code execution in Spring Core applications under specific, non-default conditions. It should not be confused with CVE-2022-22963, a separate vulnerability affecting Spring Cloud Function.

Servers under attack

Spring4Shell affects Spring Framework 5.3.0 to 5.3.17 and 5.2.0 to 5.2.19 (older, unsupported lines are also affected); the fixes shipped in 5.3.18 and 5.2.20. The known exploit additionally requires the application to run on Java Development Kit (JDK) 9 or higher and to be deployed as a WAR on Apache Tomcat, which is the web server environment in which Trend Micro detected the attacks against its clients' systems.
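Because the affected version range and the runtime preconditions are what a defender actually has to check across a fleet, here is an added example that encodes them. It is not code from the article, PortSwigger or Trend Micro; the preconditions (JDK 9+, WAR packaging, Apache Tomcat, spring-webmvc/webflux dependency) are taken from the Spring project's advisory for CVE-2022-22965, and the host names and version strings in the block are constructed samples. The checker parses Spring Framework version strings including the `.RELEASE` suffix used by the 5.2 line, maps legacy `1.8.0_x` JDK strings to a major number, and distinguishes a deployment that matches every precondition of the reported exploit from one that is merely unpatched.

```python
"""Added example (not from the article, PortSwigger or Trend Micro): encode the
CVE-2022-22965 affected-version range and the runtime preconditions of the
publicly reported exploit, and assess a deployment against them."""
import re
from typing import List, Tuple

# First patched release on each supported 5.x line, per the Spring advisory:
# 5.3.18 and 5.2.20 (the 5.2 line carries a ".RELEASE" suffix).
FIRST_FIXED_PATCH = {2: 20, 3: 18}


def parse_spring_version(version: str) -> Tuple[int, int, int]:
    """Parse '5.3.17', '5.2.19.RELEASE' or '5.3.18-SNAPSHOT' into (major, minor, patch)."""
    match = re.match(r"^(\d+)\.(\d+)\.(\d+)", version.strip())
    if not match:
        raise ValueError(f"unrecognised Spring Framework version: {version!r}")
    major, minor, patch = (int(x) for x in match.groups())
    return major, minor, patch


def jdk_major(version: str) -> int:
    """Map a 'java -version' string to its major number.

    '1.8.0_322' -> 8 (legacy 1.x scheme used through JDK 8), '11.0.14' -> 11, '17' -> 17.
    """
    parts = version.strip().split(".")
    if parts[0] == "1" and len(parts) > 1:
        return int(parts[1].split("_")[0])
    match = re.match(r"\d+", parts[0])
    if not match:
        raise ValueError(f"unrecognised JDK version: {version!r}")
    return int(match.group())


def spring_version_patched(version: str) -> bool:
    """True if this Spring Framework version contains the CVE-2022-22965 fix."""
    major, minor, patch = parse_spring_version(version)
    if major != 5:
        # 6.x and later were cut after the fix; 4.x and older are out of
        # support and received no fix.
        return major > 5
    if minor not in FIRST_FIXED_PATCH:
        # 5.0.x / 5.1.x are out of support and unpatched; any later 5.x minor
        # would have been cut after the fix.
        return minor > 3
    return patch >= FIRST_FIXED_PATCH[minor]


def assess(spring_version: str, jdk_version: str, container: str, packaging: str) -> Tuple[str, List[str]]:
    """Return ('ok' | 'exploitable' | 'patch', reasons).

    'exploitable': every precondition of the reported exploit holds: unpatched
    Spring, JDK 9+, deployed as a WAR on Apache Tomcat (the advisory also lists a
    spring-webmvc/spring-webflux dependency, assumed present here).
    'patch': Spring is unpatched but a precondition is missing; the advisory does
    not rule out other exploitation paths, so the fix still applies.
    """
    if spring_version_patched(spring_version):
        return "ok", [f"Spring Framework {spring_version} contains the fix"]
    reasons = [f"Spring Framework {spring_version} predates 5.2.20/5.3.18"]
    missing = []
    if jdk_major(jdk_version) < 9:
        missing.append(f"JDK {jdk_version} is below 9")
    if container.strip().lower() != "tomcat":
        missing.append(f"servlet container is {container}, not Apache Tomcat")
    if packaging.strip().lower() != "war":
        missing.append(f"packaged as {packaging}, not as a WAR")
    if not missing:
        return "exploitable", reasons + ["JDK 9+, WAR on Tomcat: matches the reported exploit preconditions"]
    return "patch", reasons + missing + ["not every precondition of the known exploit is met; upgrade regardless"]


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    inventory = [
        ("app-sg-01", "5.3.17", "11.0.14", "Tomcat", "war"),
        ("app-sg-02", "5.2.19.RELEASE", "1.8.0_322", "Tomcat", "war"),
        ("app-sg-03", "5.3.18", "17", "Tomcat", "war"),
    ]
    for host, spring, jdk, container, packaging in inventory:
        verdict, reasons = assess(spring, jdk, container, packaging)
        print(f"{host}: {verdict} ({'; '.join(reasons)})")
```

The three-way verdict is deliberate: a host on an unpatched Spring but JDK 8 is not reachable by the exploit Trend Micro saw, yet it still needs the upgrade, so it must not be reported as clean.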

As previously reported, CVE-2022-22965 has also been seen in limited but confirmed in-the-wild exploitation, prompting warnings from both the US Cybersecurity and Infrastructure Security Agency (CISA) and Microsoft's Threat Intelligence Team. Microsoft said it had observed the threat in attacks against its cloud-based services.

Mirai is a strain of malware that turns Linux-based networking devices into bots in a botnet. It first surfaced in August 2016 and primarily infected embedded hardware such as IP cameras and home routers.

It rose to prominence through its subsequent use in several high-profile attacks, including the hugely disruptive DDoS attack against DNS provider Dyn in October 2016.


Source: portswigger.net