OSGeo

The exploitation of the GeoServer GeoTools flaw designated as CVE-2024-36401 by multiple threat actors resulted in the distribution of various malware, including cryptocurrency miners, bots, and advanced backdoors such as SideWalk, which is linked to the APT41 cyberespionage group. Impacting diverse entities such as IT services in India, technology firms in the US, government operations in Belgium, and telecoms in Thailand and Brazil, the breach allowed for unauthorized remote access, data exfiltration, and additional payload deployment. The wide geographical distribution of the attacks underlines the sophisticated and far-reaching nature of the campaign that capitalized on this vulnerability.

Source: https://securityaffairs.com/168197/malware/geoserver-geotools-flaw-cve-2024-36401-malware.html

"id": "osg001091524",
"linkid": "osgeo",
"type": "Vulnerability",
"date": "9/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"