Cybersecurity researchers are warning of suspected exploitation of a recently disclosed critical security flaw in the Apache ActiveMQ open-source message broker service that could result in remote code execution.
“In both instances, the adversary attempted to deploy ransomware binaries on target systems in an effort to ransom the victim organizations,” cybersecurity firm Rapid7 disclosed in a report published Wednesday.
“Based on the ransom note and available evidence, we attribute the activity to the HelloKitty ransomware family, whose source code was leaked on a forum in early October.”