Threat Actors Exploit Apache ActiveMQ Server Vulnerability to Gain RDP Access and Deploy LockBit Ransomware

Pulse ID: 69a19efa5a3cb45c05190273
Pulse Link: https://otx.alienvault.com/pulse/69a19efa5a3cb45c05190273
Pulse Author: CyberHunter_NL
Created: 2026-02-27 13:41:13

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#APAC #ActiveMQ #Apache #CyberSecurity #InfoSec #LockBit #OTX #OpenThreatExchange #RDP #RansomWare #Vulnerability #bot #CyberHunter_NL

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

Apache ActiveMQ Exploit Leads to LockBit Ransomware - The DFIR Report

Pulse ID: 69a19f09b3ea1e782cb3e96f
Pulse Link: https://otx.alienvault.com/pulse/69a19f09b3ea1e782cb3e96f
Pulse Author: CyberHunter_NL
Created: 2026-02-27 13:41:29

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#APAC #ActiveMQ #Apache #CyberSecurity #InfoSec #LockBit #OTX #OpenThreatExchange #RansomWare #bot #CyberHunter_NL

Apache ActiveMQ Exploit Leads to LockBit Ransomware

Pulse ID: 699d3e6224da5f2edf580175
Pulse Link: https://otx.alienvault.com/pulse/699d3e6224da5f2edf580175
Pulse Author: Tr1sa111
Created: 2026-02-24 06:00:02

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#APAC #ActiveMQ #Apache #CyberSecurity #InfoSec #LockBit #OTX #OpenThreatExchange #RansomWare #bot #Tr1sa111

Apache ActiveMQ Exploit Leads to LockBit Ransomware

A threat actor exploited CVE-2023-46604 on an exposed Apache ActiveMQ server, gaining initial access and later returning after being evicted. The attacker used Metasploit for post-exploitation activities, including privilege escalation, credential access, and lateral movement. Upon regaining access, they swiftly deployed LockBit ransomware via RDP using previously extracted credentials. The ransomware binary matched LockBit signatures but was likely crafted using the leaked LockBit builder, as evidenced by modified ransom notes and communication methods. The intrusion spanned 19 days from initial access to ransomware deployment, with less than 90 minutes between re-engagement and encryption during the second phase.

Pulse ID: 699cd6eed9db04bd8dc60dc9
Pulse Link: https://otx.alienvault.com/pulse/699cd6eed9db04bd8dc60dc9
Pulse Author: AlienVault
Created: 2026-02-23 22:38:38

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#APAC #ActiveMQ #Apache #CyberSecurity #Encryption #InfoSec #LockBit #OTX #OpenThreatExchange #RDP #RansomWare #bot #AlienVault

Critical Apache ActiveMQ Let Attackers Execute Arbitrary Code

An important security flaw in Apache ActiveMQ’s .NET client library has put developers at risk of remote code execution.

GBHackers Security | #1 Globally Trusted Cyber Security News Platform

Hackers deploy DripDropper via Apache ActiveMQ flaw, patch systems to evade detection - Security Affairs

Hackers exploit Apache ActiveMQ flaw to install DripDropper on Linux, then patch it to block rivals and hide their tracks.

Security Affairs

New malware called #DripDropper attacks Linux servers by exploiting an ActiveMQ vulnerability, then patches that vulnerability to lock out rival cybercriminals.

Read: https://hackread.com/dripdropper-malware-exploits-linux-flaw-patche-lock-out/

#CyberSecurity #ActiveMQ #Vulnerability #Malware #Linux

New DripDropper Malware Exploits Linux Flaw Then Patches It Lock Rivals Out

Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto

#BSI WID-SEC-2025-1147: [NEW] [medium] #Apache #ActiveMQ: Vulnerability allows bypassing of security measures

A local attacker can exploit a vulnerability in Apache ActiveMQ to bypass security measures.

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1147

Warn- und Informationsdienst

#BSI WID-SEC-2025-0954: [NEW] [medium] #Apache #ActiveMQ: Vulnerability allows denial of service

A remote, anonymous attacker can exploit a vulnerability in Apache ActiveMQ to carry out a denial-of-service attack.

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0954

Warn- und Informationsdienst

Shaking Up ActiveMQ

Please update ActiveMQ after reading this article. An account of one well-known attack on the infrastructure of large IT projects: the Apache ActiveMQ message broker.

https://habr.com/ru/articles/892450/

#activemq #java #rce #cve

Shaking Up ActiveMQ

Please update ActiveMQ after reading this article. An account of one well-known attack on the infrastructure of large IT projects: the Apache ActiveMQ message broker. Jon Snow continues...

Habr