Apache ActiveMQ becomes target of Chinese Hackers.

Updated: Apr 24


Hackers are looking for targets that are exposing the Apache ActiveMQ messaging service on the Internet.

This service has at least one recently published critical vulnerability that has probably not been patched in most existing deployments.

A quick search for the service shows a frightening level of public exposure: almost half a million assets on the Internet.

World map of Apache ActiveMQ exposure on the Internet.

About detection

The HackNet network identified a hacker attack targeting the Apache ActiveMQ messaging service.

The most intense activity began on November 26th and was observed at all 20 HackNet points of presence, originating mainly from addresses belonging to China.

In total, 186 distinct sources were identified looking for the service, including 103 from China and 48 from the United States:

    103 China
     48 United States
      6 Singapore
      6 Hong Kong
      5 India
      3 Canada
      2 Russia
      2 Italy
      2 Germany
      2 Brazil
      1 South Korea
      1 Portugal
      1 Netherlands
      1 Ecuador
      1 Bulgaria
      1 Australia
      1 Argentina

HackNet customers are automatically protected against each of these new threat sources within 1 hour of detection at any point of presence in the global observation network.

Recent vulnerability

On October 27th, a vulnerability in the service was published. It was assigned CVE-2023-46604 and classified as critical severity.

Vulnerability classified as critical

The question is: are we seeing delayed activity against this vulnerability, or are we facing a new vulnerability discovered in the service?

