Type: Campaign
Actors: Muhstik operator
Pub. date: June 4, 2024
Initial access: 1-day vulnerability
Impact: Resource hijacking, Denial of service
Observed techniques: Vulnerability exploitation
Observed tools: Muhstik
Targeted technologies: Apache RocketMQ
References: https://www.aquasec.com/blog/muhstik-malware-targets-message-queuing-services-applications/
Status: Finalized
Last edited: Jun 10, 2024 1:20 PM

Researchers uncovered a new campaign using Muhstik malware to target Apache RocketMQ, a distributed messaging platform, exploiting a remote code execution vulnerability (CVE-2023-33246). Attackers use this vulnerability to download and execute Muhstik malware on compromised instances, leading to activities such as cryptocurrency mining and Distributed Denial of Service (DDoS) attacks.