Cloud Threat Landscape
  • Incidents
  • Actors
  • Techniques
  • Defenses
  • Tools
  • Targeted Technologies
  • Posters & Newspapers
  • About
  • RSS
  • STIX
  • Back to wiz.io

Made with 💙 by Wiz

Last Updated: April 3, 2025

Cloud Threat Landscape
/Incidents
Incidents
/
Muhstik campaign

Muhstik campaign

Type
Campaign
Actors
🍥Muhstik operator
Pub. date
June 4, 2024
Initial access
1-day vulnerability
Impact
Resource hijackingDenial of service
Observed techniques
Vulnerability exploitation
Observed tools
Muhstik
Targeted technologies
Apache RocketMQ
References
https://www.aquasec.com/blog/muhstik-malware-targets-message-queuing-services-applications/
Status
Finalized
Last edited
Jun 10, 2024 1:20 PM

Researchers uncovered a new campaign using Muhstik malware to target Apache RocketMQ, a distributed messaging platform, exploiting a remote code execution vulnerability (CVE-2023-33246). Attackers use this vulnerability to download and execute Muhstik malware on compromised instances, leading to activities such as cryptocurrency mining and Distributed Denial of Service (DDoS) attacks.