Researchers from security firm AquaSec discovered a new Go-based malware that is used in a campaign targeting Redis servers. Threat actors are exploiting a critical vulnerability, tracked as CVE-2022-0543, in Redis (Remote Dictionary Server) servers.
Redis (remote dictionary server) is an open source in-memory database and cache.
The CVE-2022-0543 flaw is a Lua sandbox escape flaw that impacts Debian and Debian-derived Linux distributions. The vulnerability, which was rated 10 out of 10 for severity, could be exploited by a remote attacker with the ability to execute arbitrary Lua scripts to possibly escape the Lua sandbox and execute arbitrary code on the underlying machine.
Juniper Threat Labs researchers reported that the Muhstik botnet has been observed targeting Redis servers exploiting the CVE-2022-0543 vulnerability.
In March 2022, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added this flaw to its Known Exploited Vulnerabilities Catalog.
The flaw has been fixed in February 2022, but threat actors continue to exploit it in attacks in the wild due to the public availability of a proof-of-concept exploit code.
