Apache ActiveMQ Ransomware Attack

Released: Nov 06, 2023

Updated: Nov 07, 2023

Severity: High

Vendor: Apache


Ransomware attackers actively targeting Apache ActiveMQ flaw

Ransomware attackers are targeting servers running outdated and vulnerable versions of Apache ActiveMQ by exploiting a recently fixed vulnerability, CVE-2023-46604.

Common Vulnerabilities and Exposures: CVE-2023-46604


Background

Apache ActiveMQ is a popular open source message broker: a program that translates messages from one messaging protocol to another, allowing communication between diverse services and systems. ActiveMQ supports a variety of protocols, including OpenWire, MQTT (a messaging protocol for IoT), AMQP (a protocol for business messaging and IoT device management), REST and STOMP.

This vulnerability, CVE-2023-46604, may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol. Technical details and proof-of-concept (PoC) code for CVE-2023-46604 are publicly available and could be leveraged by other threat groups looking to exploit the vulnerability.

As of Oct 6, 2023, according to Shadowserver, more than 3,000 internet-accessible servers are vulnerable to CVE-2023-46604:
https://dashboard.shadowserver.org/statistics/combined/time-series/?date_range=7&source=activemq&tag=cve-2023-46604&style=stacked

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.


Oct 2023: Apache released an advisory:
https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt

Oct 25, 2023: Apache released the fixed versions for CVE-2023-46604:
https://activemq.apache.org/components/classic/download/

Nov 02, 2023: CISA added CVE-2023-46604 to its Known Exploited Vulnerabilities (KEV) Catalog.


FortiGuard Labs recommends applying the available patches for Apache ActiveMQ as soon as possible if not already done. Apache also publishes guidance on improving the security of ActiveMQ deployments: https://activemq.apache.org/security
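Because the flaw sits in the OpenWire protocol handling, a first attack-surface question for defenders is which brokers actually expose an OpenWire listener beyond the local host. The following script, an added example that is not FortiGuard's or Apache's code, parses a broker's activemq.xml, classifies every transportConnector by the address it binds and whether its transport serves OpenWire, and reports whether an authentication plugin is configured. The broker name, connector names, hosts and ports in SAMPLE_CONFIG are constructed for illustration; the transportConnector, broker and authentication-plugin element names follow the ActiveMQ configuration schema. Inventorying exposure this way complements patching and does not replace it.

```python
"""Audit an ActiveMQ activemq.xml for OpenWire connectors reachable beyond loopback.

Added example; not FortiGuard's or Apache's code. Broker name, hosts and ports
in SAMPLE_CONFIG are constructed for illustration.
"""
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Transport schemes that serve OpenWire. "auto*" connectors detect the wire
# protocol per connection, so they accept OpenWire as well.
OPENWIRE_SCHEMES = {"tcp", "nio", "ssl", "nio+ssl",
                    "auto", "auto+nio", "auto+ssl", "auto+nio+ssl"}
ALL_INTERFACES = {"", "0.0.0.0", "::"}
LOOPBACK = {"127.0.0.1", "localhost", "::1"}
# Authentication plugin element names from the ActiveMQ broker schema.
AUTH_PLUGINS = {"simpleAuthenticationPlugin", "jaasAuthenticationPlugin",
                "jaasCertificateAuthenticationPlugin", "jaasDualAuthenticationPlugin"}

# Constructed sample modelled on the stock activemq.xml layout.
SAMPLE_CONFIG = """<beans xmlns="http://www.springframework.org/schema/beans">
  <broker xmlns="http://activemq.apache.org/schema/core" brokerName="example-broker">
    <transportConnectors>
      <transportConnector name="openwire"
        uri="tcp://0.0.0.0:61616?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
      <transportConnector name="amqp"
        uri="amqp://0.0.0.0:5672?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
      <transportConnector name="admin-local" uri="nio://127.0.0.1:61617"/>
    </transportConnectors>
  </broker>
</beans>
"""


def _local(tag):
    """Strip the XML namespace so the Spring and ActiveMQ namespaces don't matter."""
    return tag.rsplit("}", 1)[-1]


def audit_transport_connectors(xml_text):
    """Return one finding per <transportConnector>. flag=True means the
    connector serves OpenWire on a non-loopback address and deserves review."""
    root = ET.fromstring(xml_text)
    findings = []
    for el in root.iter():
        if _local(el.tag) != "transportConnector":
            continue
        parts = urlsplit(el.get("uri", ""))
        host = parts.hostname or ""  # urlsplit lowercases and strips [] from IPv6
        if host in ALL_INTERFACES:
            exposure = "all-interfaces"
        elif host in LOOPBACK:
            exposure = "loopback"
        else:
            exposure = "specific-address"
        openwire = parts.scheme.lower() in OPENWIRE_SCHEMES
        findings.append({
            "name": el.get("name", "?"),
            "scheme": parts.scheme,
            "host": host,
            "port": parts.port,
            "openwire": openwire,
            "exposure": exposure,
            "flag": openwire and exposure != "loopback",
        })
    return findings


def has_authentication_plugin(xml_text):
    """True if any authentication plugin element is configured on the broker."""
    root = ET.fromstring(xml_text)
    return any(_local(el.tag) in AUTH_PLUGINS for el in root.iter())


def report(xml_text):
    """Print a one-line verdict per connector plus the authentication status."""
    for f in audit_transport_connectors(xml_text):
        mark = "REVIEW " if f["flag"] else "ok     "
        print(f"{mark}{f['name']:<12} {f['scheme']}://{f['host']}:{f['port']} "
              f"openwire={f['openwire']} exposure={f['exposure']}")
    print("authentication plugin configured:", has_authentication_plugin(xml_text))


if __name__ == "__main__":
    report(SAMPLE_CONFIG)
```

Run it against each broker's activemq.xml (for example `python audit_activemq.py` after replacing SAMPLE_CONFIG with the file contents). Connectors marked REVIEW are the ones whose exposure should be reconciled with the patch status and the network controls in front of the broker; a connector bound only to loopback still needs the patch, but it is not reachable by a remote attacker on its own.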

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.


PROTECT
  • Lure

  • Decoy VM

  • AV

  • Vulnerability

  • AV (Pre-filter)

  • Behavior Detection

  • IPS

DETECT
  • Outbreak Detection

  • Threat Hunting

  • IOC

RESPOND
  • Assisted Response Services

  • Automated Response

RECOVER
  • NOC/SOC Training

  • End-User Training

IDENTIFY
  • Vulnerability Management

  • Attack Surface Hardening

  • Business Reputation
