image credit: Needpix

Hackers Target Apache Tomcat Servers for Mirai Botnet and Crypto Mining

July 27, 2023


Misconfigured and poorly secured Apache Tomcat servers are being targeted as part of a new campaign designed to deliver the Mirai botnet malware and cryptocurrency miners.

The findings come courtesy of Aqua, which detected more than 800 attacks against its Tomcat server honeypots over a two-year time period, with 96% of the attacks linked to the Mirai botnet.

Of these attack attempts, 20% (or 152) entailed the use of a web shell script dubbed “neww” that originated from 24 unique IP addresses, with 68% of them originating from a single IP address (104.248.157[.]218).

Read More on The Hacker News