Spring4Shell vulnerability exploited for compromising systems to be used in Mirai DDoS attacks

Trend Micro Threat Research has identified malicious actors actively exploiting the Spring4Shell vulnerability to weaponize and execute the Mirai DDoS botnet malware.

Spring4Shell is a critical remote code execution (RCE) vulnerability, tracked as CVE-2022-22965, that affects the Spring Framework, a widely used enterprise-level Java app development platform. Since its discovery, a patch has been made available by Spring.

The Mirai group is leveraging the Spring4Shell vulnerability to transfer the Mirai malware to the “/tmp” folder of unpatched systems and execute it after changing the permissions by using “chmod”.
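The sequence described above (a file under /tmp made executable with chmod, then run) can be checked for in process-execution logs. The following Python sketch is an added example and is not taken from the Trend Micro report; the log format, the sample events, the file names and the 300-second window are constructed assumptions.

```python
import os
import re

# Constructed process-execution events in a simplified format (not real auditd output).
SAMPLE_EVENTS = """\
1649400000 ppid=812 parent=java cmd=chmod 777 /tmp/payload.bin
1649400001 ppid=812 parent=java cmd=/tmp/payload.bin
1649400050 ppid=1 parent=cron cmd=chmod 644 /tmp/report.txt
1649400060 ppid=2210 parent=bash cmd=chmod +x /opt/app/run.sh
1649400061 ppid=2210 parent=bash cmd=/opt/app/run.sh
1649400100 ppid=3000 parent=bash cmd=chmod 755 /tmp/build/tool
"""
EVENT_RE = re.compile(r"^(\d+) ppid=(\d+) parent=(\S+) cmd=(.+)$")
WINDOW_SECONDS = 300  # assumed correlation window between chmod and execution


def grants_exec(mode):
    """True if a chmod mode argument (octal or symbolic) sets an execute bit."""
    if re.fullmatch(r"[0-7]{3,4}", mode):
        return (int(mode, 8) & 0o111) != 0
    return any(re.search(r"[+=][rwXst]*x", part) for part in mode.split(","))


def find_tmp_chmod_exec(log_text):
    """Alert when a file under /tmp is made executable and then executed."""
    pending = {}  # path -> (timestamp, ppid) of the chmod that made it executable
    alerts = []
    for line in log_text.splitlines():
        m = EVENT_RE.match(line)
        if not m:
            continue
        ts, ppid, parent, argv = int(m[1]), int(m[2]), m[3], m[4].split()
        if not argv:
            continue
        if os.path.basename(argv[0]) == "chmod":
            args = [a for a in argv[1:] if not a.startswith("-")]  # drop options
            if len(args) >= 2 and grants_exec(args[0]):
                for path in args[1:]:
                    if path.startswith("/tmp/"):
                        pending[path] = (ts, ppid)
        elif argv[0] in pending:
            chmod_ts, chmod_ppid = pending.pop(argv[0])
            if ts - chmod_ts <= WINDOW_SECONDS:
                alerts.append({"path": argv[0], "parent": parent,
                               "delay": ts - chmod_ts,
                               "same_parent": ppid == chmod_ppid})
    return alerts


if __name__ == "__main__":
    for alert in find_tmp_chmod_exec(SAMPLE_EVENTS):
        print(alert)
```

Only the first pair of sample events raises an alert: the chmod to mode 644, the script outside /tmp, and the /tmp file that is never executed are ignored.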

This case is a warning to organizations to prioritize identifying systems vulnerable to Spring4Shell and, more generally, to continuously monitor their exposed systems for new critical vulnerabilities and patch them before bad actors take advantage of them to cause damage, extract data or demand ransoms.

Pro CISO® offers managed Vulnerability Management services that allow companies to scan their infrastructure and receive a report with recommendations, prioritized by severity, in a matter of days.
The Trend Micro report
Spring updates page