GBHackers News reports that vulnerable Adobe ColdFusion servers have been subjected to more than 2.5 million malicious requests involving 767 security flaws, including the critical CVE-2023-26359, CVE-2023-38205, and CVE-2023-44353 bugs, as part of a coordinated exploitation campaign on Christmas Day.
Threat actors harnessed JNDI/LDAP injection via WDDX deserialization as a primary vector, with the JdbcRowSetImpl gadget chain tapped to facilitate remote code execution, with ProjectDiscovery Interactsh out-of-band callback infrastructure then leveraged for real-time exploitation attempt verification, according to an analysis from GreyNoise researchers. Additional findings revealed 4,118 different HTTP fingerprints aimed at web frameworks, Java app servers, CMS platforms, network devices, Atlassian offerings, and surveillance systems.
Operations have also been conducted from Hong Kong-registered hosting provider AS152194, which has been linked with phishing and spam attacks, said researchers, who recommended the adoption of network-based JNDI injection payload, OAST callback domain, IP address, and JA4+ network fingerprint discovery.
Threat actors harnessed JNDI/LDAP injection via WDDX deserialization as a primary vector, with the JdbcRowSetImpl gadget chain tapped to facilitate remote code execution, with ProjectDiscovery Interactsh out-of-band callback infrastructure then leveraged for real-time exploitation attempt verification, according to an analysis from GreyNoise researchers. Additional findings revealed 4,118 different HTTP fingerprints aimed at web frameworks, Java app servers, CMS platforms, network devices, Atlassian offerings, and surveillance systems.
Operations have also been conducted from Hong Kong-registered hosting provider AS152194, which has been linked with phishing and spam attacks, said researchers, who recommended the adoption of network-based JNDI injection payload, OAST callback domain, IP address, and JA4+ network fingerprint discovery.




