JBOSS hack dissected by expert
Researcher Brandon Dixon recently detailed a hack that exploited an application security vulnerability in the JBOSS JMX console, allowing the attackers to gain a substantial degree of access to the victim's enterprise servers.
Despite not being a particularly sophisticated hack, the exploit did manage to compromise valuable data, according to Dixon. Having found the Zmeu Trojan on two servers running an older version of JBOSS console, the author and his coworker quickly discovered that the intrusion was likely the result of a lucky hit by the malware user. The fact that the virtual IP address of the system load balancer was targeted and not either of the compromised servers is instructive.
"This meant that they would be sent to one of the two servers depending on the server load and algorithm used. Because server two was never fully compromised, we suspect that the attacker didn't know they were dealing with two different servers and not just one," Dixon wrote.
The technique used to hack these consoles has been around since at least 2008, according to researchers from N.Runs AG.