A threat actor has been observed “patching” a vulnerability post exploitation, likely in a bid to lock out other adversaries and secure exclusive access. The novel tactic was detected by Red Canary researchers in a cluster of activity targeting a flaw in Apache ActiveMQ, an open-source message broker, to gain persistent access on cloud-based Linux systems. The critical vulnerability, CVE-2023-46604, allows for remote code execution (RCE) in Linux systems due to inadequate validation of throwab
