
Apache ActiveMQ Vulnerability Exploited in 'HelloKitty' Ransomware Attack, Urgent Patching Advised

In recent cybersecurity developments, a partner organization of Huntress faced a ransomware attack, dubbed "HelloKitty," on October 27, 2023. This incident closely aligned with Rapid7's findings on November 1, which pointed to suspected exploitation of the Apache ActiveMQ CVE-2023-46604 vulnerability.

CVE-2023-46604, identified by Rapid7, is a remote code execution vulnerability that Huntress has already observed being exploited in a monitored environment. Huntress recommends urgently patching systems running Apache ActiveMQ. Patches are available for versions 5.15.16, 5.16.7, 5.17.6, and 5.18.3. System administrators can determine their ActiveMQ version from the command line with "activemq --version".
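For triaging more than one broker, the version check can be scripted. The following is an added example, not code from Huntress, Rapid7 or Apache: it assumes each version listed above is the first fixed release on its branch, and the function names, status words and sample inventory are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage an inventory against the versions named in the text.
# Assumption: each listed version is the first fixed release of its branch.
FIXED="5.15.16 5.16.7 5.17.6 5.18.3"

# amq_patch_status VERSION
# Prints patched | needs-patch | unlisted (branch not named above) | invalid.
amq_patch_status() {
    ver=$1
    case $ver in
        ''|*[!0-9.]*|.*|*.|*..*) echo invalid; return 0 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ver                      # split MAJOR.MINOR.PATCH on dots
    IFS=$old_ifs
    [ $# -ge 3 ] || { echo invalid; return 0; }
    major=$1; minor=$2; patch=$3
    for fixed in $FIXED; do
        fmajor=${fixed%%.*}
        fpatch=${fixed##*.}
        fminor=${fixed#*.}; fminor=${fminor%%.*}
        if [ "$major" -eq "$fmajor" ] && [ "$minor" -eq "$fminor" ]; then
            # Compare numerically: 5.15.9 is older than 5.15.16.
            if [ "$patch" -ge "$fpatch" ]; then echo patched; else echo needs-patch; fi
            return 0
        fi
    done
    echo unlisted
}

# amq_triage: read "host version" lines on stdin, print "host version status".
amq_triage() {
    while read -r host version; do
        [ -n "$host" ] || continue
        printf '%s %s %s\n' "$host" "$version" "$(amq_patch_status "$version")"
    done
}

# Constructed sample inventory (hostnames and versions are made up).
amq_triage <<'EOF'
mq-01.example.internal 5.18.2
mq-02.example.internal 5.18.3
mq-03.example.internal 5.15.9
mq-04.example.internal 5.14.5
EOF
```

Rows reported as "unlisted" or "invalid" are on a branch or in a format the list above does not cover and need a manual check against the Apache ActiveMQ advisory.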

Patches and further details can be accessed on the Apache ActiveMQ website. If patching is not immediately possible, isolating these systems from the internet is advised to reduce the attack surface.
