Apache ActiveMQ Vulnerability Exploited for LockBit Ransomware Attack

Apache ActiveMQ Vulnerability Exploited for LockBit Ransomware Attack

First seen 25 Feb 2026, 06:09 UTC ThedfirreportCybersecuritynewsGbhackers 83% similarity 52.9

Article Content

Browse articles
ThreatCluster

Threat actors exploited a critical vulnerability (CVE-2023-46604) in Apache ActiveMQ, leading to a LockBit ransomware deployment across an enterprise network. The attackers gained access through an exposed Windows server using Remote Desktop Protocol, resulting in significant system encryption. Despite efforts to evict the intruders, the ransomware spread rapidly within the network.

ThreatCluster AI

Timeline

2023-10-26
First public PoC for CVE-2023-46604 released
2023-10-27
CVE-2023-46604 published
2023-11-02
CVE-2023-46604 added to CISA KEV for active exploitation
2026-02-23
Threat actor exploited CVE-2023-46604 on ActiveMQ server
2026-02-25
LockBit ransomware deployment reported across enterprise network

Community

Browse all →