Microsoft warns that a new variant of the Sysrv botnet has added a Spring Cloud Gateway vulnerability to its exploit library.
The Sysrv botnet has been active since at least late 2020. It attempts to compromise Windows and Linux machines by exploiting known security flaws in access interfaces and installing a Monero cryptocurrency miner on them. MongoDB, Jira, Confluence, Drupal, ThinkPHP, Salt-API, Apache Struts, Mongo-Express, and Oracle WebLogic were among the web applications and databases Sysrv previously targeted.
The botnet scans the internet for vulnerable web servers to attack. Although patches exist for all of the targeted vulnerabilities, the victim servers appear not to have been patched yet.