The Kinsing malware operator is actively exploiting the CVE-2023-46604 critical vulnerability in the Apache ActiveMQ open-source message broker to compromise Linux systems.
The flaw allows remote code execution by anyone with network access to the broker and was fixed in late October. Apache’s disclosure explains that the issue allows running arbitrary shell commands by manipulating serialized class types in the OpenWire protocol, which causes the broker to instantiate any class on its classpath.
Researchers found that thousands of servers remained exposed to attacks after the release of the patch and ransomware gangs like HelloKitty and TellYouThePass started to take advantage of the opportunity.
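The exposure described above is, in practice, a patch-level question: is the broker at or above the first fixed release on its line? The following is an added example, not code from the article, Trend Micro, or the ActiveMQ project. It checks version strings from an inventory against the first fixed releases on each affected 5.x line (5.15.16, 5.16.7, 5.17.6 and 5.18.3, taken from Apache's advisory for CVE-2023-46604; the article itself only says the fix landed in late October). The host names and the inventory text are constructed for the example, and the assumption that the input is a plain `host version` line per broker is the example's own.

```python
"""Triage Apache ActiveMQ version strings against the fix for CVE-2023-46604.

Added example; versions of the first fixed releases are taken from Apache's
advisory for the CVE. Host names and the inventory format are constructed.
"""
import re
from typing import NamedTuple, Optional

# First fixed release on each affected 5.x line per Apache's advisory.
# Everything older than 5.15 never received a fix on its own line, and
# 6.x was released after the fix and is not listed as affected.
FIXED_RELEASES = {
    (5, 15): (5, 15, 16),
    (5, 16): (5, 16, 7),
    (5, 17): (5, 17, 6),
    (5, 18): (5, 18, 3),
}

# major.minor.patch with an optional qualifier such as "-SNAPSHOT" or ".RC1".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[-.]([0-9A-Za-z]+))?$")


class Verdict(NamedTuple):
    version: str
    status: str  # "vulnerable", "patched" or "unknown"
    reason: str


def parse_version(text: str) -> Optional[tuple[tuple[int, int, int], Optional[str]]]:
    """Return ((major, minor, patch), qualifier) or None if unparseable."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    return (int(m[1]), int(m[2]), int(m[3])), m[4]


def assess(text: str) -> Verdict:
    """Classify one version string against the fixed releases."""
    parsed = parse_version(text)
    if parsed is None:
        return Verdict(text, "unknown", "could not parse version string")
    (major, minor, patch), qualifier = parsed

    if major >= 6 or (major == 5 and minor > 18):
        return Verdict(text, "patched", "release line postdates the fix and is not listed as affected")
    if major < 5 or minor < 15:
        return Verdict(text, "vulnerable", "release line predates the fix; no patched release exists on it")

    fixed = FIXED_RELEASES[(major, minor)]
    if (major, minor, patch) < fixed:
        return Verdict(text, "vulnerable", "below first fixed release %d.%d.%d" % fixed)
    if (major, minor, patch) == fixed and qualifier:
        # A pre-release build carrying the fixed version number may predate the fix.
        return Verdict(text, "unknown", f"pre-release build ({qualifier}) of the fixed version; verify the build")
    return Verdict(text, "patched", "at or above first fixed release")


# Constructed inventory: one "host version" line per broker.
SAMPLE_INVENTORY = """\
mq-prod-01 5.18.2
mq-prod-02 5.18.3
mq-legacy 5.14.5
mq-test 5.17.6-SNAPSHOT
mq-new 6.0.0
mq-dev unknown
"""


def triage(inventory: str) -> dict[str, list[str]]:
    """Bucket hosts by verdict so the vulnerable ones can be prioritised."""
    buckets: dict[str, list[str]] = {"vulnerable": [], "patched": [], "unknown": []}
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, _, version = line.partition(" ")
        buckets[assess(version).status].append(host)
    return buckets


if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:10s} {', '.join(hosts) or '-'}")
```

Anything that lands in the "unknown" bucket, such as snapshot builds or hosts whose version could not be read, deserves a manual look rather than being assumed safe.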
Today, a report from Trend Micro notes that Kinsing has joined the list of threat actors exploiting CVE-2023-46604, with the goal of deploying cryptocurrency miners on vulnerable servers.
Kinsing malware targets Linux systems, and its operator is notorious for leveraging known flaws that system administrators often overlook. Previously, the group relied on Log4Shell and an Atlassian Confluence RCE bug for its attacks.