HelloKitty Ransomware Group Exploiting Apache ActiveMQ Vulnerability

From thehackernews.com

Cybersecurity researchers are warning of suspected exploitation of a recently disclosed critical security flaw in the Apache ActiveMQ open-source message broker service that could result in remote code execution.

“In both instances, the adversary attempted to deploy ransomware binaries on target systems in an effort to ransom the victim organizations,” cybersecurity firm Rapid7 disclosed in a report published Wednesday.

“Based on the ransom note and available evidence, we attribute the activity to the HelloKitty ransomware family, whose source code was leaked on a forum in early October.”

The intrusions are said to involve the exploitation of CVE-2023-46604, a remote code execution vulnerability in Apache ActiveMQ that allows a threat actor to run arbitrary shell commands.
