Beware of the Messengers, Exploiting ActiveMQ Vulnerability
ID: 238b60cc-a5a0-5d2e-bf5d-db9d4bc8f4bb
STIX ID: report--238b60cc-a5a0-5d2e-bf5d-db9d4bc8f4bb
Feed Name: Cybereason Blog
Cybereason reports that attackers have been actively exploiting Apache ActiveMQ CVE-2023-46604 (unauthenticated RCE via insecure OpenWire deserialization) since at least October 11, 2023, to deploy a variety of malware—including Mirai botnet binaries, SparkRAT, HelloKitty ransomware, XMRig coinminers and ConnectBack backdoors—using wget/curl downloads, Base64-encoded scripts, and reverse shells; the report includes detailed IoCs and mitigation recommendations.
