Alert
Hackers are looking for targets that expose the Apache ActiveMQ messaging service on the Internet.
This service has at least one recently published critical vulnerability that has probably not been patched in most existing environments.
A quick search for the service shows an alarming level of public exposure, with an installed base of almost half a million assets reachable on the Internet.
About detection
The HackNet network identified a hacker attack targeting the Apache ActiveMQ messaging service.
The most intense activity began on November 26th and was observed at all 20 HackNet points of presence, with most of it originating from addresses belonging to China.
In total, 186 different sources were identified scanning for the service, 103 from China and 48 from the United States.
103 China
48 United States
6 Singapore
6 Hong Kong
5 India
3 Canada
2 Russia
2 Italy
2 Germany
2 Brazil
1 South Korea
1 Portugal
1 Netherlands
1 Ecuador
1 Bulgaria
1 Australia
1 Argentina
HackNet customers are automatically protected against each of these new threat sources within 1 hour of detection at any point of presence in the global observation network.
Recent vulnerability
On October 27th, a vulnerability in the service was published. It was assigned CVE-2023-46604 and classified as critical severity.
The question is: are we seeing a delayed wave of activity targeting this vulnerability, or are we facing a new vulnerability discovered in the service?