If you have not fixed the Spring4Shell vulnerability, Mirai botnet will automatically take control of your network

After multiple rumors, researchers from security firm Trend Micro confirmed that the Spring4Shell vulnerability is being exploited by Mirai botnet hackers. As previously reported, CVE-2022-22965 and CVE-2022-22963 are critical vulnerabilities in the Spring application development framework whose exploitation would allow threat actors to deploy remote code execution (RCE) attacks.

Although this flaw does not appear to be being exploited at the level of bugs like Log4Shell, this flaw could still affect thousands of organizations around the world. Most of these exploit attempts are designed to deliver a web shell that would allow threat actors to gain broader access to the environment of the affected organization.

This week, Chinese firm Qihoo 360 detected that a botnet using the Mirai malware has also been exploding Spring4Shell, a report that was analyzed and confirmed by Trend Micro experts.

In its report, Trend Micro details the finding: “We observed the active exploitation of Spring4Shell, which would allow threat actors to run the Mirai malware on vulnerable servers.” Apparently, the detected malware sample is downloaded to the /tmp folder and executed after the permission change to be executable using ‘chmod’.

Operators of the Mirai botnet typically rush to add newly revealed vulnerabilities to their arsenal of exploits, hoping to attack as many targets as possible before companies and developers release updates to address these flaws. This campaign has also exploited the Log4Shell vulnerability.

Researchers, developers, and security firms have issued mitigation tools and methods to reduce the risk of Spring4Shell exploitation. The cybersecurity industry will continue to keep abreast of exploitation cases and potential related risks.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.