THREAT OPS › Threat News › Apache ActiveMQ Exploit Leads to LockBit Ransomware
Apache ActiveMQ Exploit Leads to LockBit Ransomware
<p>Key Takeaways An audio version of this report can be found on Spotify, Apple, YouTube, Audible, & Amazon.  This intrusion began in mid-February 2024 after a threat actor exploited a vulnerability (CVE-2023-46604) on an exposed Apache ActiveMQ server. The threat actor was able to perform remote code execution (RCE) by using a Java Spring class and a custom Java
Indicators of compromise
- CVE-2023-46604cve