Case of ActiveMQ Vulnerability Exploitation to Install Sharpire (Kinsing)

AhnLab SEcurity intelligence Center (ASEC) has confirmed that the Kinsing threat actor is still distributing malware by exploiting known vulnerabilities. Since the disclosure of the CVE-2023-46604 vulnerability in ActiveMQ, the threat actor has been exploiting it to install malware on both Linux and Windows systems. [1] Aside from the well-known XMRig

Oracle Family January 2025 Security Update Advisory

Overview: Oracle (https://www.oracle.com) has released a security update that addresses a vulnerability in its supplied...

2024 Cyber Threat Trends Review & 2025 Outlook

About AhnLab: AhnLab is Korea’s top cybersecurity company providing the latest cyber threat intelligence and threat detection and response (TDR) capabilities based on advanced technology. We provide optimized solutions and platforms across various cybersecurity areas such as endpoint, network, cloud, security operations, and cyber-physical systems (CPS), ensuring enhanced threat visibility, practical

Mimo CoinMiner and Mimus Ransomware Installed via Vulnerability Attacks

AhnLab SEcurity intelligence Center (ASEC) recently observed circumstances of a CoinMiner threat actor called Mimo exploiting various vulnerabilities to install malware. Mimo, also dubbed Hezb, was first found when they installed CoinMiners through a Log4Shell vulnerability exploitation in March 2022. Up until now, all of the attack cases involved the

Apache ActiveMQ Vulnerability (CVE-2023-46604) Continuously Being Exploited in Attacks

In November 2023, AhnLab Security Emergency response Center (ASEC) published a blog post titled “Circumstances of the Andariel Group Exploiting an Apache ActiveMQ Vulnerability (CVE-2023-46604)” [1] which covered cases of the Andariel threat group exploiting the CVE-2023-46604 vulnerability to install malware. This post not only covered attack cases of the

Circumstances of the Andariel Group Exploiting an Apache ActiveMQ Vulnerability (CVE-2023-46604)

While monitoring recent attacks by the Andariel threat group, AhnLab Security Emergency response Center (ASEC) has discovered an attack case in which the group is assumed to be exploiting the Apache ActiveMQ remote code execution vulnerability (CVE-2023-46604) to install malware. The Andariel threat group usually targets South Korean companies and institutions,