Vulnerability Management, Patch/Configuration Management, Malware, Threat Intelligence

GeoServer flaw exploited in global malware campaigns


U.S. tech firms, Indian IT service providers, Brazilian and Thai telecommunications firms, and Belgian government organizations have been compromised with several malicious payloads in separate attack campaigns exploiting the critical GeoServer GeoTools remote code execution flaw, tracked as CVE-2024-36401, which was added to the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog in July, according to The Hacker News.

Intrusions leveraging the vulnerability have delivered not only the GOREVERSE reverse proxy server but also the Condi malware, the Mirai botnet variant Jenx, four other cryptocurrency mining payloads, and the advanced SideWalk Linux backdoor linked to the Chinese state-backed threat group APT41, according to a report from Fortinet FortiGuard Labs. The attackers' primary targeting of South America, Europe, and Asia "suggests a sophisticated and far-reaching attack campaign, potentially exploiting vulnerabilities common to these diverse markets or targeting specific industries prevalent in these areas," the researchers said.
