Fortinet researchers identified that attackers are actively exploiting the vulnerability to distribute malware, including botnets, cryptominers, and tools such as Goreverse. This reverse proxy tool establishes connections to command-and-control servers, enabling further malicious actions. Additionally, the SideWalk malware, attributed to the Chinese state-sponsored APT41 group, is being used to exfiltrate data, maintain persistence, and disguise its traffic within legitimate network flows.
GeoServer maintainers released a patch on July 1, and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to its Known Exploited Vulnerabilities catalog on July 15. Attackers have targeted IT providers in India, government agencies in Belgium, and telecom firms in Brazil and Thailand. The widespread use of GeoServer highlights the critical need for timely patching and enhanced cybersecurity defenses.
This incident emphasizes the risks posed by unpatched vulnerabilities in widely used software, underscoring the importance of rapid response measures and keeping systems up to date.
Source: BankInfoSecurity
The European Cyber Intelligence Foundation is a nonprofit think tank specializing in intelligence and cybersecurity, offering consultancy services to government entities. To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner such as INFRA www.infrascan.net, or you can try it yourself using check.website.