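Known Apache RocketMQ vulnerability abused: Muhstik botnet hijacks unpatched distributed messaging and streaming systems to expand the scale of its DDoS attacks
Payment News · 2024-06-11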

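Researchers have warned about the latest wave of attacks by the Muhstik botnet, noting that the attackers are mainly targeting CVE-2023-33246, a known vulnerability in the distributed messaging and streaming data platform Apache RocketMQ.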

In addition, the malware scans for SSH services to move laterally and thereby infect other computers.

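But why are the attackers using a known vulnerability that was disclosed a year ago? The researchers investigated using the IoT search engine Shodan and found that about 5,216 RocketMQ servers worldwide are exposed to the security risk of CVE-2023-33246, and almost all of these servers are located in China.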

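Notably, attempts to exploit this vulnerability were already reported in January of this year. At that time, the Shadowserver Foundation stated that attackers had tried to exploit CVE-2023-33246 and CVE-2023-37582 from nearly 400 source IP addresses.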
