Mirai Botnet Exploits Vulnerability in Spring4Shell

Mirai Botnet Exploits Vulnerability in Spring4Shell

Trend Micro confirmed on Friday that the Mirai botnet has exploited the new Spring4Shell vulnerability. Two critical vulnerabilities in the popular Java application development framework Spring have been patched recently: CVE-2022-22965 (also known as Spring4Shell and SpringShell) and CVE-2022-22963.

Both flaws allow for remote code execution and appear to have been exploited by malicious actors, with attacks reportedly beginning before Spring developers released patches. The majority of these exploitation attempts are aimed at delivering a web shell that the attacker can use to gain additional access to the targeted organization’s environment.

Spring4Shell appears to have been used by a botnet powered by the infamous Mirai malware as well.

Read More: https://www.securityweek.com/spring4shell-vulnerability-exploited-mirai-botnet