Malware Targets Message Queuing Services Applications
Essential information
- Published: 06/06/2024 18:44
- Modified: 06/06/2024 19:09
- Tags: 2024-06-06 CVE-2023-33246 apache cryptocurrency evasion irc lateral muhstik persistence rocketmq vulnerability
- Related entities: 1 vulnerabilities (cve), 21 observables, 13 techniques (mitre), 1 malware
Description
The report describes a recent campaign targeting Apache RocketMQ platforms, where attackers exploited a known vulnerability (CVE-2023-33246) to gain remote code execution on the systems. They then downloaded and executed the Muhstik malware, which provides persistence, evades detection, performs lateral movement, and communicates through an IRC command-and-control server. The malware can be used for cryptocurrency mining and launching distributed denial-of-service attacks. The report also analyzes the prevalence of vulnerable RocketMQ instances worldwide and provides recommendations for securing cloud-native environments.