
Multiple SSRF vulnerabilities leveraged in far-reaching coordinated attack


Attacks exploiting a dozen server-side request forgery (SSRF) vulnerabilities across widely used platforms to target the U.S., Germany, Singapore, India, Japan, and Lithuania spiked on Sunday, with Israel also experiencing a wave of such intrusions on Tuesday, The Hacker News reports.

Several SSRF flaws — the most severe of which are the critical ColumbiaSoft DocumentLocator, GitLab CE/EE, and Zimbra Collaboration Suite bugs, tracked as CVE-2023-5830, CVE-2021-22175, and CVE-2020-7796, respectively — have been concurrently abused by over 400 IP addresses, according to an investigation from GreyNoise.

The same IP addresses also targeted other security issues in VMware vCenter and VMware Workspace ONE UEM, Ivanti Connect Secure, DotNetNuke, OpenBMCS, and BerriAI LiteLLM, which indicates that the threat actors intend to conduct pre-compromise intelligence collection, automation, or structured exploitation, GreyNoise researchers said.

Organizations and other users have been urged not only to remediate vulnerable software but also to restrict outbound connections and remain vigilant for atypical outbound requests.
