216.73.217.176

Case of ActiveMQ Vulnerability Exploitation to Install Sharpire (Kinsing)

· Published 31/10/2025 09:30 · Modified 31/10/2025 10:56

Export JSON

Essential information

Published
31/10/2025 09:30
Modified
31/10/2025 10:56
Tags
2025-10-31 CVE-2023-46604 activemq cobaltstrike cryptocurrency mining h2miner meterpreter powershell empire sharpire vulnerability exploitation xmrig
Related entities
2 vulnerabilities (cve), 4 observables, 1 intrusion sets (apt), 2 techniques (mitre), 5 malware, 2 others

Description

The Kinsing threat actor continues to distribute malware by exploiting known vulnerabilities, particularly in . They target both Linux and Windows systems, using various malware types including , Stager, and . The attack process involves exploiting the vulnerability to execute remote commands, installing downloaders, and using tools like , , and to control infected systems. The actor's main objectives include , information theft, and potential ransomware installation. The vulnerability has also been exploited by other groups such as Andariel, HelloKitty, and Mauri ransomware. Organizations are advised to apply security updates to mitigate the risk.

External references