Muhstik Malware Targets Message Queuing Services Applications
ID: b01abe6c-da02-506a-a189-862253725ef2
STIX ID: report--b01abe6c-da02-506a-a189-862253725ef2
Feed Name: Aqua Security Blog
Threat Score
Aqua Nautilus reports an active campaign in which attackers exploited the Apache RocketMQ RCE vulnerability (CVE-2023-33246) to deploy Muhstik malware. The analysis covers exploitation steps, execution and persistence mechanisms, IRC-based C2, observed IOCs (IPs, domains, SHA256 hashes), MITRE mappings, and an estimated 5,216 vulnerable RocketMQ instances discovered via Shodan.
