THREATOPS
THREAT OPSThreat News › Apache ActiveMQ Exploit Leads to LockBit Ransomware

Apache ActiveMQ Exploit Leads to LockBit Ransomware

lowdfirreportPublished 2026-02-23

<p>Key Takeaways An audio version of this report can be found on&#160;Spotify,&#160;Apple,&#160;YouTube,&#160;Audible, &#38;&#160;Amazon.&#160; This intrusion began in mid-February 2024 after a threat actor exploited a vulnerability (CVE-2023-46604) on an exposed Apache ActiveMQ server. The threat actor was able to perform remote code execution (RCE) by using a Java Spring class and a custom Java

Indicators of compromise

Original source: https://thedfirreport.com/2026/02/23/apache-activemq-exploit-leads-to-lockbit-ransomware/