Attack

Hackers still target vulnerable Apache RocketMQ servers, 6 months after patch

Take action: No time like the present - run an inventory on your systems and check if any are using RocketMQ. Every one of these systems that's exposed to the internet is a high priority for patching. Chase down the vendors for an updated version. Or lock down the system in an internal network until a patch is available and start looking for replacement products.


Learn More

Hackers are still actively targeting Apache RocketMQ servers with two critical remote command execution vulnerabilities, CVE-2023-33246 and CVE-2023-37582. 

The ShadowServer Foundation has observed hundreds of hosts scanning for exposed RocketMQ systems, with some attempting to exploit these vulnerabilities. The DreamBus botnet has used CVE-2023-33246 to deploy Monero miners on vulnerable servers since August 2023.

It seems that a lot of third-party products carry a RocketMQ server, and those haven't been patched by the vendors. Also, there are admins who just don't want to deal with the hassle of patching.

Things have gotten so bad that the U.S. Cybersecurity and Infrastructure Security Agency (CISA) had to issue an order to federal agencies to patch their RocketMQ servers because the vulnerability is being actively exploited.
