
Apache HTTP Server, Exchange Server exploits used for cryptominer, backdoor deployment


Malicious actors have exploited Apache HTTP Server and Microsoft Exchange Server flaws to facilitate the delivery of the Linuxsys cryptocurrency mining malware and GhostContainer backdoor, respectively, in separate attack campaigns, The Hacker News reports.

Intrusions involving the high-severity Apache HTTP Server path traversal vulnerability, tracked as CVE-2021-41773, were launched by attackers using an Indonesian IP address to spread a next-stage shell script that retrieved Linuxsys from five legitimate websites in a bid to better conceal illicit activity, according to an analysis from VulnCheck. Linuxsys was previously spread through the exploitation of the Atlassian Confluence Data Center and Confluence Server template injection bug, tracked as CVE-2023-22527, and the Metabase command injection issue, tracked as CVE-2023-38646, among others.

Separately, Kaspersky reported that Asian government organizations were compromised with the custom GhostContainer backdoor through attacks that potentially exploited the high-severity Exchange Server remote code execution vulnerability, tracked as CVE-2020-0688. Because GhostContainer allows further module downloads, malicious actors could achieve total Exchange Server compromise, said Kaspersky researchers.
