
Uptycs’ Threat Research Team has released its final Quarterly Threat Bulletin for 2023, detailing cybersecurity trends and the cybersecurity threat landscape: the tactics, techniques, and procedures (TTPs) of the most active malware and prominent threat actor groups.

Cybersecurity trends

This issue spotlights the exploitation of the Apache ActiveMQ vulnerability, which attackers are using to deploy HelloKitty ransomware and other malicious payloads. The vulnerability poses a significant risk to numerous systems and requires immediate attention.

Apache ActiveMQ vulnerability

The Apache ActiveMQ vulnerability is a flaw in the Apache ActiveMQ service that allows attackers to compromise systems. Attackers exploit it to execute code remotely and deploy various malware families, including HelloKitty ransomware.

Attackers exploit this vulnerability by sending crafted malicious requests to Apache ActiveMQ servers. Once compromised, these servers become conduits for further malware deployment and data breaches.

Windows, Linux, and macOS threats

Beyond the Apache ActiveMQ vulnerability, this bulletin covers malware threats targeting Windows, Linux, and macOS.

Key malware types include:

Windows: Amadey, AgentTesla, RedLine
Linux: Mirai, Gafgyt
macOS: Bundlore

The bulletin also addresses the growing concern around the misuse of legitimate tools or utilities for malicious purposes across different platforms.

Six key takeaways

  1. Apache ActiveMQ Vulnerability: A significant focus was on the exploitation of the Apache ActiveMQ vulnerability, primarily for deploying HelloKitty ransomware.
  2. Malware & Cybersecurity Trends: Notable malware strains included Amadey, AgentTesla, and RedLine for Windows; Mirai and Gafgyt for Linux; and Bundlore for macOS.
  3. Utility Abuse: The report observed specific legitimate utilities being abused for malicious purposes across platforms, such as Rundll32.exe on Windows, Crontab on Linux, and OpenSSL on macOS.
  4. Prominent Threat Actors: LockBit ransomware group was particularly active, along with Clop, Play, and BlackCat. Other notable actors included Lazarus Group, SideWinder, Kimsuky, Arid Viper, and APT29.
  5. Vulnerability Analysis: The bulletin detailed key vulnerabilities and exploits across different platforms, emphasizing the need for constant vigilance and up-to-date security measures.
  6. Ransomware Groups: The bulletin highlighted the activities of various ransomware groups like LockBit, Clop, Play, and BlackCat, demonstrating their evolving tactics and widespread impact.

Take action

Download the Uptycs Quarterly Threat Bulletin Issue #10 today for detailed insights and recommendations to protect your enterprise from the latest cyber threats.