CVE-2018-9866

Vulnerability Profile Updated a month ago
CVE-2018-9866 is a vulnerability that was discovered in Apache Struts, an open-source web application framework used by many organizations. The vulnerability allows remote attackers to execute arbitrary code on the server by sending specially crafted requests to the affected server. This type of attack is called a Remote Code Execution (RCE) attack and can result in the complete compromise of the targeted system.

The vulnerability was first disclosed in July 2018, and a patch was released shortly after. However, it didn't take long for cybercriminals to start exploiting it. In fact, in September 2018, just two months after the disclosure, security researchers detected attacks targeting the vulnerability. These attacks were attributed to a hacking group known as APT-C-27, which has been active since at least 2013. The group, believed to be sponsored by the Chinese government, has been linked to various cyber espionage campaigns targeting governments and private organizations.

The impact of CVE-2018-9866 was significant, with many organizations being affected. The vulnerability highlighted the importance of promptly applying patches and keeping software up-to-date to prevent cyberattacks. Additionally, the attribution of the attacks to a nation-state actor underscores the need for organizations to take cybersecurity seriously and implement robust security measures to protect their systems from advanced threats.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Linux
Malware
Associated Malware
ID: Rabbot
Type: Unspecified
Votes: 1
Profile Description: Rabbot is a malicious software, or malware, discovered by Anomali Labs' cyber threat researchers. It shares the same code base with another malware called Linux Rabbit. Both were used in a campaign targeting Linux servers and Internet-of-Things (IoT) devices that started in August 2018 and continued
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the CVE-2018-9866 Vulnerability was read from the documents corpus below.
Source: MITRE
Created At: a year ago
Title: Linux Rabbit/Rabbot Malware