Since the disclosure in May that RocketMQ servers had a remote code execution (RCE) bug, multiple threat actors have been making the most of the opportunity, even dusting off a previously dormant crypto bot called DreamBus for the occasion. Threat researchers with Juniper report they have observed several threat actors launching attacks against the RocketMQ server vulnerability, tracked under CVE-2023-33246, to breach systems and drop the DreamBus malicious Monero miner bots.

Source: Dark Reading: Cloud