Critical Apache ActiveMQ Vulnerability Actively Exploited By Ransomware Groups

Apache ActiveMQ is a popular open-source message broker that businesses of all sizes use to pass messages between their applications. A recent critical vulnerability in ActiveMQ, however, is being actively exploited by ransomware groups to deploy ransomware on vulnerable systems.

The vulnerability, tracked as CVE-2023-46604, is a remote code execution (RCE) vulnerability that allows an attacker to execute arbitrary code on a vulnerable ActiveMQ server. The vulnerability can be exploited by sending a specially crafted JMS message to the server.

Once an attacker has exploited the vulnerability, they can gain complete control of the vulnerable ActiveMQ server. This could allow the attacker to deploy ransomware on the server, steal data, or disrupt operations.

Who is at risk?

Any business running Apache ActiveMQ is at risk from this vulnerability, regardless of size, from small businesses to large enterprises.

How to protect yourself

The best way to protect yourself from this vulnerability is to upgrade to the latest version of ActiveMQ as soon as possible. Apache released a patch for the vulnerability on October 25, 2023.

If you are unable to upgrade to the latest version of ActiveMQ, you should immediately restrict access to these servers from the internet.
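A small triage script for the two steps above, added here as an example (it is not code from the original post, from Rapid7 or Huntress, or from the Apache project): it parses the version string a broker reports, compares it per maintenance branch against a table of fixed releases that you fill in from the Apache advisory (the table values in the block are constructed placeholders, not the real fixed versions), and for any broker that is not yet patched it builds allow-list firewall rules for the broker's client port. The port default of 61616 (the usual OpenWire listener) and the iptables form of the rules are assumptions; adapt them to your transport configuration and firewall.

```python
import re
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]

# Assumed default OpenWire listener port of ActiveMQ; adjust to your transport config.
DEFAULT_BROKER_PORT = 61616


def parse_version(text: str) -> Version:
    """Extract the first MAJOR.MINOR.PATCH triple from a version string or banner.

    Accepts plain "5.18.2" as well as banner-style text such as
    "ActiveMQ 5.18.2 (build 1)". Raises ValueError if no triple is present.
    """
    match = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not match:
        raise ValueError(f"no MAJOR.MINOR.PATCH version found in {text!r}")
    major, minor, patch = (int(part) for part in match.groups())
    return (major, minor, patch)


def assess(reported: str, fixed_versions: Dict[str, str]) -> Dict[str, str]:
    """Classify a broker version against the per-branch fixed releases.

    fixed_versions maps a maintenance branch ("5.18") to the first release on
    that branch that contains the fix; take these from the Apache advisory.
    Tuple comparison handles patch numbers beyond one digit correctly.
    """
    version = parse_version(reported)
    branch = f"{version[0]}.{version[1]}"
    result = {"version": ".".join(map(str, version)), "branch": branch}
    if branch not in fixed_versions:
        # No fixed release listed for this branch: treat as needing an upgrade.
        result["status"] = "unsupported-branch"
        result["action"] = "no fixed release listed for this branch; upgrade to a supported branch"
        return result
    fixed = parse_version(fixed_versions[branch])
    if version >= fixed:
        result["status"] = "patched"
        result["action"] = "none required for CVE-2023-46604"
    else:
        result["status"] = "vulnerable"
        result["action"] = (
            f"upgrade to {fixed_versions[branch]} or later; until then restrict "
            "network access to the broker port to known clients"
        )
    return result


def allowlist_rules(allowed_cidrs: List[str], port: int = DEFAULT_BROKER_PORT) -> List[str]:
    """Return iptables commands that let only the given CIDRs reach the broker port.

    Order matters: ACCEPT rules first, then a final DROP for everyone else.
    This only builds the command list; review it before applying on a host.
    """
    rules = [
        f"iptables -A INPUT -p tcp --dport {port} -s {cidr} -j ACCEPT"
        for cidr in allowed_cidrs
    ]
    rules.append(f"iptables -A INPUT -p tcp --dport {port} -j DROP")
    return rules


if __name__ == "__main__":
    # PLACEHOLDER table: constructed sample values, NOT the real fixed releases.
    # Replace with the fixed versions from the Apache advisory for CVE-2023-46604.
    FIXED_VERSIONS = {"5.17": "5.17.9", "5.18": "5.18.9"}
    # Constructed sample inventory: hostname -> version string the broker reports.
    inventory = {
        "broker-a": "ActiveMQ 5.18.2 (build 1)",
        "broker-b": "5.18.9",
        "broker-c": "5.16.1",
    }
    for host, reported in inventory.items():
        verdict = assess(reported, FIXED_VERSIONS)
        print(f"{host}: {verdict['status']} ({verdict['version']}) -> {verdict['action']}")
        if verdict["status"] != "patched":
            for rule in allowlist_rules(["10.0.0.0/8"]):
                print("   ", rule)
```

Run it against the version strings from your own inventory (for example the output of the broker's command-line `--version` switch or a configuration management export) after replacing the placeholder table; the script deliberately reports a branch with no listed fix as needing an upgrade rather than assuming it is safe.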

What to do if you have been exploited

If you believe that your ActiveMQ server has been exploited, you should take the following steps:

  • Notify your security team.
  • Isolate the server from the network.
  • Restore the server from a known good backup.
  • Change all passwords for the server.

The CVE-2023-46604 vulnerability in Apache ActiveMQ is a critical vulnerability that is being actively exploited by ransomware groups. If you are using Apache ActiveMQ, you should upgrade to the latest version as soon as possible. If you are unable to upgrade, you should take steps to mitigate the risk of exploitation.

Rapid7 and Huntress have published detailed write-ups of this, including how the exploitation activity has progressed.

Links:

Suspected Exploitation of Apache ActiveMQ CVE-2023-46604 | Rapid7 Blog

Critical Vulnerability: Exploitation of Apache ActiveMQ CVE-2023-46604 (huntress.com)

(We take no responsibility for the content of external links)