"Suspected Exploitation of Apache ActiveMQ Flaw To Install HelloKitty Ransomware"
Rapid7 researchers have issued a warning about suspected exploitation of a recently disclosed critical vulnerability in Apache ActiveMQ, tracked as CVE-2023-46604, to deploy HelloKitty ransomware. Apache ActiveMQ is an open-source message broker written in Java that serves as a Message-Oriented Middleware (MOM) platform; it provides messaging services that let applications communicate and exchange data asynchronously. Rapid7 observed attempts to exploit the flaw to deploy HelloKitty ransomware in two different customer environments. In both cases, the threat actor tried to install ransomware binaries on the targeted systems. Based on the ransom note and other evidence, the activity was attributed to the HelloKitty ransomware family, whose source code was posted on a forum in early October. This article continues to discuss the exploitation of a critical security flaw in Apache ActiveMQ to install HelloKitty ransomware.
Submitted by grigby1