"Spring Framework Flaw Exploited in Mirai Malware Attacks"

A high-severity remote code execution (RCE) vulnerability in the Spring Framework has been exploited by attackers since April to deploy the Mirai botnet malware on vulnerable devices, most likely in an attempt to carry out Distributed Denial-of-Service (DDoS) attacks. Spring is a Java framework that developers use to build and test enterprise-level applications. Patches addressing the vulnerability were released in Spring Framework 5.3.18 and 5.2.20 following its disclosure, but attackers are targeting servers that remain unpatched. Security researchers at Trend Micro observed active exploitation in which malicious actors weaponized the flaw and executed the Mirai botnet malware on vulnerable servers in the Singapore region. The flaw allows attackers to bypass the patch for a vulnerability in the Spring Framework that is more than a decade old: an attacker sends a specific HTTP request to a vulnerable endpoint, followed by a malicious .jar file, to execute arbitrary code. According to the researchers, threat actors can gain full access to compromised devices through the vulnerability, enabling the installation of malware capable of exfiltrating data from the device, executing Denial-of-Service (DoS) attacks, deploying cryptomining malware, or launching ransomware. Researchers have developed a reliable exploit, but it requires a specially configured version of the application to work. This article continues to discuss the Spring Framework RCE vulnerability and its exploitation by attackers to deploy the Mirai botnet malware.

Decipher reports "Spring Framework Flaw Exploited in Mirai Malware Attacks"
