Apache ActiveMQ Ransomware Attack
Ransomware attackers actively targeting Apache ActiveMQ flaw
Ransomware attackers are targeting servers running outdated and vulnerable versions of Apache ActiveMQ by exploiting a recently fixed vulnerability, CVE-2023-46604.
Background
Apache ActiveMQ is a popular open source message broker: a program that routes and translates messages between messaging protocols, allowing communication between diverse services and systems. ActiveMQ supports a variety of protocols, including OpenWire (its native binary protocol, served on TCP port 61616 by default), MQTT (a messaging protocol for IoT), AMQP (a protocol for business messaging and IoT device management), REST and STOMP.

CVE-2023-46604 may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol, causing the broker to instantiate any class on its classpath. Technical details and proof-of-concept (PoC) code for CVE-2023-46604 are publicly available and could be leveraged by other threat groups looking to exploit the vulnerability.

As of 6 Oct 2023, according to Shadowserver, more than 3,000 servers vulnerable to CVE-2023-46604 were reachable from the internet:
https://dashboard.shadowserver.org/statistics/combined/time-series/?date_range=7&source=activemq&tag=cve-2023-46604&style=stacked
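The following is an added example, not code from this page or from the ActiveMQ project. It parses size-prefixed OpenWire frames in loose encoding and flags an ExceptionResponse (command type 31) whose serialized Throwable class name is not an exception class, which is the "manipulated serialized class type" described above. The frame layout follows ActiveMQ's loose-encoding marshallers; the "looks like a Throwable" test is a heuristic stand-in for the JVM-side subclass check that the fixed versions perform, and the two sample frames are constructed here, not captured traffic. The Spring class name in the second sample is the one used by public PoC code and is not something a legitimate broker emits.

```python
"""Inspect OpenWire ExceptionResponse frames for non-exception class names (added example)."""
import struct
from dataclasses import dataclass
from typing import Optional, Tuple

EXCEPTION_RESPONSE = 31  # OpenWire command type byte for ExceptionResponse

# Heuristic allowlist: a real broker only serializes genuine exception classes here.
THROWABLE_PACKAGES = ("java.", "javax.", "jakarta.", "org.apache.activemq.")
THROWABLE_SUFFIXES = ("Exception", "Error", "Throwable")


@dataclass
class ExceptionResponse:
    command_id: int
    response_required: bool
    correlation_id: int
    class_name: Optional[str]
    message: Optional[str]


def _read_bool(buf: bytes, off: int) -> Tuple[bool, int]:
    return buf[off] != 0, off + 1


def _read_int(buf: bytes, off: int) -> Tuple[int, int]:
    return struct.unpack_from(">i", buf, off)[0], off + 4


def _read_loose_string(buf: bytes, off: int) -> Tuple[Optional[str], int]:
    # Loose string: 1-byte "present" flag, then Java writeUTF (2-byte length + bytes).
    present, off = _read_bool(buf, off)
    if not present:
        return None, off
    (length,) = struct.unpack_from(">H", buf, off)
    off += 2
    return buf[off:off + length].decode("utf-8"), off + length


def parse_frame(frame: bytes) -> Optional[ExceptionResponse]:
    """Return the ExceptionResponse in a frame, or None if the command is any other type."""
    (size,) = struct.unpack_from(">i", frame, 0)  # size prefix excludes itself
    body = frame[4:4 + size]
    if len(body) != size:
        raise ValueError("truncated frame")
    if body[0] != EXCEPTION_RESPONSE:
        return None
    off = 1
    command_id, off = _read_int(body, off)          # BaseCommand.commandId
    response_required, off = _read_bool(body, off)  # BaseCommand.responseRequired
    correlation_id, off = _read_int(body, off)      # Response.correlationId
    has_exception, off = _read_bool(body, off)      # Throwable present?
    class_name = message = None
    if has_exception:
        class_name, off = _read_loose_string(body, off)  # class the broker will instantiate
        message, off = _read_loose_string(body, off)     # argument to its (String) constructor
    return ExceptionResponse(command_id, response_required, correlation_id, class_name, message)


def looks_like_throwable(class_name: str) -> bool:
    return class_name.startswith(THROWABLE_PACKAGES) and class_name.endswith(THROWABLE_SUFFIXES)


def is_suspicious(frame: bytes) -> bool:
    """True when the frame is an ExceptionResponse naming a class that is not an exception type."""
    resp = parse_frame(frame)
    if resp is None or resp.class_name is None:
        return False
    return not looks_like_throwable(resp.class_name)


def build_frame(class_name: str, message: str, command_id: int = 0, correlation_id: int = 0) -> bytes:
    """Build a loose-encoded ExceptionResponse frame; used here only to create sample input."""
    def loose_string(s: str) -> bytes:
        data = s.encode("utf-8")
        return b"\x01" + struct.pack(">H", len(data)) + data
    body = (bytes([EXCEPTION_RESPONSE])
            + struct.pack(">i", command_id) + b"\x00"   # responseRequired = false
            + struct.pack(">i", correlation_id)
            + b"\x01"                                   # Throwable present
            + loose_string(class_name) + loose_string(message))
    return struct.pack(">i", len(body)) + body


# Constructed sample frames (not captured traffic).
BENIGN = build_frame("javax.jms.JMSException", "Unknown destination")
# Class name used by public PoC code for CVE-2023-46604; a legitimate broker never emits it.
SUSPICIOUS = build_frame("org.springframework.context.support.ClassPathXmlApplicationContext", "payload")

if __name__ == "__main__":
    for label, frame in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        resp = parse_frame(frame)
        print(label, resp.class_name, "ALERT" if is_suspicious(frame) else "ok")
```

The allowlist is deliberately narrow: the upstream fix rejects any class that is not a subclass of Throwable, and a network-side check cannot load the class, so it approximates that with package and suffix matching. Tune the package list to the exception types your brokers actually emit before using it as a blocking rule.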
Threat Radar Overall Score: 4.2
  CVSS Rating:               9.0
  FortiRecon Score:          92/100
  Known Exploited:           Yes
  Exploit Prediction Score:  97.25%
  FortiGuard Telemetry:      269
Latest Development
Recent news and incidents related to this threat, such as data breaches, cyber-attacks, security incidents and newly discovered vulnerabilities.
Oct 2023: Apache released a security advisory for CVE-2023-46604:
https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt
Oct 25, 2023: Apache released fixed versions of ActiveMQ Classic for CVE-2023-46604:
https://activemq.apache.org/components/classic/download/
Nov 02, 2023: CISA added CVE-2023-46604 to its Known Exploited Vulnerabilities (KEV) catalog.
FortiGuard Labs recommends applying the available patches for Apache ActiveMQ as soon as possible if not already done: the fixed releases are 5.15.16, 5.16.7, 5.17.6 and 5.18.3, and any earlier version on those branches (or anything older than 5.15.16) remains vulnerable. Because the flaw is reachable by anyone with network access to the broker, also restrict access to the OpenWire listener (TCP 61616 by default) to trusted clients while patching is in progress. Apache also has information on improving the security of ActiveMQ implementations: https://activemq.apache.org/security
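As an added example (not code from this page or from the ActiveMQ project), the check below classifies an ActiveMQ Classic version against the fix levels published in the Apache advisory (5.15.16, 5.16.7, 5.17.6, 5.18.3) and applies it to the jar names found in a broker's lib directory. The jar-name pattern and the sample directory listing are assumptions made for the example; versions on branches the advisory does not list (for example 6.x) are reported as "not covered" rather than guessed.

```python
"""Classify Apache ActiveMQ Classic versions against the CVE-2023-46604 fix levels (added example)."""
import re
from typing import Dict, Iterable, Optional, Tuple

# First fixed release on each maintained branch, from the Apache advisory for CVE-2023-46604.
FIXED_ON_BRANCH = {
    (5, 15): (5, 15, 16),
    (5, 16): (5, 16, 7),
    (5, 17): (5, 17, 6),
    (5, 18): (5, 18, 3),
}

# Assumed naming of the distribution jars, e.g. lib/activemq-client-5.18.2.jar.
JAR_RE = re.compile(r"^activemq-(?:all|client|broker)-(\d+\.\d+\.\d+)(?:-[A-Za-z0-9]+)?\.jar$")


def parse_version(text: str) -> Tuple[int, int, int]:
    """'5.18.2' or '5.18.2-SNAPSHOT' -> (5, 18, 2); missing components count as 0."""
    core = text.strip().split("-", 1)[0]
    nums = [int(p) for p in core.split(".")[:3]]
    while len(nums) < 3:
        nums.append(0)
    return nums[0], nums[1], nums[2]


def is_vulnerable(version: str) -> Optional[bool]:
    """True/False for versions the advisory covers; None for branches it does not list."""
    v = parse_version(version)
    if v < (5, 15, 0):
        return True  # everything before 5.15.16 is affected; only 5.15.x received a fix
    fixed = FIXED_ON_BRANCH.get(v[:2])
    if fixed is None:
        return None
    return v < fixed


def version_from_jar(name: str) -> Optional[str]:
    m = JAR_RE.match(name)
    return m.group(1) if m else None


def audit_listing(filenames: Iterable[str]) -> Dict[str, Optional[bool]]:
    """Map each ActiveMQ jar in a directory listing to its verdict (True = vulnerable)."""
    results: Dict[str, Optional[bool]] = {}
    for name in filenames:
        ver = version_from_jar(name)
        if ver is not None:
            results[name] = is_vulnerable(ver)
    return results


# Constructed directory listing, not taken from a real host.
SAMPLE_LISTING = [
    "activemq-all-5.18.2.jar",
    "activemq-client-5.17.6.jar",
    "activemq-broker-5.15.9.jar",
    "activemq-client-6.0.0.jar",
    "jakarta.jms-api-3.1.0.jar",
]

if __name__ == "__main__":
    labels = {True: "VULNERABLE", False: "fixed", None: "not covered by advisory"}
    for name, verdict in audit_listing(SAMPLE_LISTING).items():
        print(f"{name}: {labels[verdict]}")
```

Run it against the output of `ls lib/` (or the root of the installation, where activemq-all-*.jar lives) on each broker host; a "VULNERABLE" verdict means the version predates the fix on its branch and the host needs the upgrade regardless of what else is on the classpath.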
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
Lure
Decoy VM
AV: Detects and blocks malware related to the Apache ActiveMQ ransomware attack.
Vulnerability: Detects and blocks attacks targeting Apache ActiveMQ servers (CVE-2023-46604).
AV (Pre-filter): Detects and blocks malware related to the Apache ActiveMQ ransomware attack.
Behavior Detection: The Behavior Detection Engine detects HelloKitty ransomware as "High risk" and blocks other 0-day threats.
IPS: Detects and blocks attacks targeting Apache ActiveMQ servers (CVE-2023-46604).
Outbreak Detection
Threat Hunting
Assisted Response Services: Experts to assist you with analysis, containment and response activities.
Automated Response: Services that can automatically respond to this outbreak.
NOC/SOC Training: Train your network and security professionals and optimize your incident response to stay on top of cyberattacks.
End-User Training: Raise security awareness among your employees, who are continuously targeted by phishing, drive-by downloads and other forms of cyberattack.
Vulnerability Management: Reduce the attack surface from software vulnerabilities via systematic and automated patching.
Attack Surface Hardening: Check Security Fabric devices to build actionable configuration recommendations and key indicators.
Business Reputation: Know the attacker's next move to protect your business brand.
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events, including threat actors, their tactics, techniques and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.