Active Exploitation Of Adobe ColdFusion Vulnerabilities Detected Despite Being Patched

Months after patching the vulnerabilities, researchers still detected active exploitation of Adobe ColdFusion for malware attacks. Researchers warn users to patch their systems as soon as possible.

Adobe ColdFusion Vulnerabilities Under Attack

Researchers from Fortinet’s FortiGuard Labs have detected active exploitation of Adobe ColdFusion vulnerabilities that the tech giant has already patched.

As explained in their post, the researchers found multiple threat actors exploiting ColdFusion flaws to deploy malware. Briefly, they detected numerous probing activities using the tool “interacts, which otherwise facilitates the researchers in checking successful exploits. These activities linked back to various suspicious domains, hinting at malicious use of the tool, likely to identify vulnerable systems.

In the next step, the threat actors triggered shell sessions on vulnerable devices to access the computers. Once obtained, the attackers then deployed different malware on the target systems. These include

  • XMRig Miner – a cryptominer actively involved in various malicious campaigns where attackers try to exploit the victim machines’ resources for Monero mining.
  • Satan DDoS/Lucifer – a cryptojacking malware that can also trigger DDoS attacks. While it initially emerged as a Windows malware, Fortinet researchers noticed another malware variant involved in the attacks that targeted Linux too.
  • RudeMiner – another malware targeting cryptowallets that also conducts DDoS attacks.
  • BillGates/Setag backdoor – a potent backdoor allowing threat actors to hijack target devices.

The ColdFusion vulnerabilities exploited in these campaigns first made into the news in July this year as zero-day flaws when Adobe released urgent patches for the flaws following their active exploitation.

However, even after months since the patches were available, users seem ignorant about updating their systems with the latest versions.

Consequently, despite patching the vulnerabilities as actively exploited zero-days, the threat actors still appear successful in continuously exploiting the flaws for malware attacks. It now seems inevitable for all Adobe ColdFusion users to update their systems immediately to avoid falling prey to malware.

Let us know your thoughts in the comments.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients