March 19, 2024 at 06:18AM
Hackers are targeting a recently patched Aiohttp vulnerability, potentially affecting thousands of servers globally. A Shodan search reveals over 70,000 instances, with notable exposure in the US, China, and Germany. Cyble’s scanner identified 43,000 exposed instances, with high percentages in the US and Europe. Exploitation attempts have been observed, including by the ShadowSyndicate cybercrime group. The impact of this vulnerability on organizations is concerning.
Based on the meeting notes, the key takeaways are:
1. Hackers are actively attempting to exploit the recently patched Aiohttp vulnerability (CVE-2024-23334), which could impact thousands of servers worldwide.
2. A Shodan search for ‘aiohttp’ shows more than 70,000 results worldwide, with significant percentages seen in the US and Europe.
3. Exploitation attempts are coming from multiple IP addresses, including one associated with the cybercrime group ShadowSyndicate, a ransomware-as-a-service affiliate.
The potential risk posed by unpatched Aiohttp servers and threat actors targeting this vulnerability is concerning, even though there is no conclusive evidence of successful exploitation at present.