Multiple threat actors exploited a GeoServer GeoTools flaw (CVE-2024-36401), leading to malware campaigns delivering cryptocurrency miners, bots, and the SideWalk backdoor. Targeted entities include IT service providers in India, US technology firms, Belgian government bodies, and telecom companies in Thailand and Brazil. Exploits allowed persistent remote access, data exfiltration, and payload deployment, potentially causing widespread disruption across targeted regions and industries. Open-source flexibility requires strict security measures, including timely updates and threat detection strategies to mitigate risks posed by such vulnerabilities.
Source: https://securityaffairs.com/168197/malware/geoserver-geotools-flaw-cve-2024-36401-malware.html
"id": "geo001091424",
"linkid": "geosolutionsgroup",
"type": "Vulnerability",
"date": "9/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"