According to Microsoft researchers, a botnet that is exploiting flaws in the Spring Framework and WordPress plugins, is being tracked.
Cybercriminals behind the Sysrv botnet are targeting Linux and Windows systems using unpatched vulnerabilities in the Spring Framework and WordPress plugins. Researchers believe the purpose is to infect computers with crypto mining software.
Microsoft Security Intelligence researchers named the botnet variation Sysrv-K and released a thread on Twitter detailing the botnet variant’s features. Sysrv-bot K’s army has been configured to look for instances of the weaknesses in WordPress plugins as well as a recent remote code execution (RCE) hole in the Spring Cloud Gateway, according to researchers (CVE-2022-22947).