The experts at Fortiguard Labsover the past few weeks, have identified and cataloged a new exploit in Apache systems and a series of cybercriminals who are exploiting it.
We are talking about the known critical vulnerability CVE-2023-46604targeted in recent days by different strains of malware. The most significant threat, according to the researchers, is linked to one botnet based on Golangcall GoTitan. This poses a huge danger to vulnerable systems due to its ability to spread various malicious agents.
Another threat that takes advantage of the exploit is the RAT known as PrCtrland program .NET equipped with remote control functionality. Once this affects a system, it allows the attacker to execute commands remotely, offering considerable freedom of action.
No less dangerous is the abuse of Sliver. This legitimate tool, used in the context of penetration testhas been adapted by cybercriminals as a real weapon to use during their attacks.
From GoTitan to Kinsing and Ddosft: the Apache systems exploit opens the door to various potential attacks
Apparently, the CVE-2023-46604 vulnerability appeals to many. Fortiguard Labs has also identified other malicious agents that are exploiting it, from the fearsome Kinsinglinked to operations cryptojackinguntil Dostfmalware created in 2016 and widely used in DDoS attacks.
For experts, the situation is quite serious. Despite the release of a corrective patchmore than a month ago, apparently many users who use Apache systems have not yet updated their platforms, effectively leaving the door open to any type of cyber attack among the many illustrated above.
In the note proposed by Fortiguard Labs, in fact, it is specified as “It is critical to prioritize system updates and patches and regularly monitor security alerts to effectively mitigate the risk of exploitation“.