Apache ActiveMQ Flaw Exploited to Deploy DripDropper Malware on Cloud Linux Systems

Threat actors are exploiting a critical vulnerability in Apache ActiveMQ to gain persistent access to cloud Linux systems and deploy malware like DripDropper. Interestingly, these attackers patch the vulnerability after gaining access to prevent others from exploiting it, highlighting sophisticated tactics in cyber-espionage. #ApacheActiveMQ #CVE-2023-46604

Key points

  • Threat actors are exploiting a severe remote code execution vulnerability in Apache ActiveMQ (CVE-2023-46604).
  • Attackers deploy malware such as DripDropper, HelloKitty ransomware, Linux rootkits, and the GoTitan botnet.
  • The attackers patch the exploited vulnerability after establishing initial access to prevent other adversaries from exploiting it.
  • DripDropper communicates with attacker-controlled Dropbox accounts to receive commands and maintain persistence.
  • Organizations are urged to apply timely patches, restrict internal service access, and monitor cloud activity for anomalies.

Read More: https://thehackernews.com/2025/08/apache-activemq-flaw-exploited-to.html