Intel Name: Tomcat in the crosshairs: new research reveals ongoing attacks
Date of Scan: April 9, 2025
Impact: Medium
Summary: Researchers discovered a new attack campaign targeting Apache Tomcat servers. Initial access is gained by brute-forcing credentials (no specific Tomcat CVE is identified); once in, the attackers deploy encrypted payloads, steal SSH credentials from the host, and hijack its resources for cryptocurrency mining. To maintain persistence, the malicious binaries are disguised as kernel processes. The campaign is believed to be linked to a Chinese-speaking threat actor.
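Two checks a defender can run against the TTPs above, as an added example that is not part of the original report or of the researchers' tooling: the first scans Tomcat access-log lines for a burst of failed logins against the manager application followed by a success or a deployment, the second flags processes whose name looks like a kernel thread but which have an on-disk executable or a command line (real kernel threads have neither). The log lines, the process table, the 4-failure threshold and the pool URL are constructed for the example; the log format assumed is Tomcat's common AccessLogValve pattern.

```python
import os
import re
from collections import Counter, defaultdict

# Constructed Tomcat access-log lines (not from the report): one source guesses
# manager credentials, succeeds as "admin", then deploys a WAR via the text API.
SAMPLE_ACCESS_LOG = """\
203.0.113.7 - - [09/Apr/2025:10:00:01 +0000] "GET /manager/html HTTP/1.1" 401 2473
203.0.113.7 - admin [09/Apr/2025:10:00:02 +0000] "GET /manager/html HTTP/1.1" 401 2473
203.0.113.7 - tomcat [09/Apr/2025:10:00:03 +0000] "GET /manager/html HTTP/1.1" 401 2473
203.0.113.7 - manager [09/Apr/2025:10:00:04 +0000] "GET /manager/html HTTP/1.1" 401 2473
203.0.113.7 - root [09/Apr/2025:10:00:05 +0000] "GET /manager/html HTTP/1.1" 401 2473
203.0.113.7 - admin [09/Apr/2025:10:00:06 +0000] "GET /manager/html HTTP/1.1" 200 19564
203.0.113.7 - admin [09/Apr/2025:10:00:09 +0000] "PUT /manager/text/deploy?path=/app HTTP/1.1" 200 52
198.51.100.9 - - [09/Apr/2025:10:01:00 +0000] "GET /index.html HTTP/1.1" 200 11156
198.51.100.9 - - [09/Apr/2025:10:01:01 +0000] "GET /manager/html HTTP/1.1" 401 2473
"""

# Tomcat "common" log pattern: host ident user [time] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)$'
)


def parse_access_log(text):
    """Yield one dict per parseable access-log line; unparseable lines are skipped."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["status"] = int(entry["status"])
            yield entry


def find_manager_bruteforce(entries, threshold=4):
    """Map each source IP with >= threshold failed manager logins to a summary of
    what it tried, whether a later request succeeded, and whether it deployed an app."""
    failures = Counter()
    users = defaultdict(set)
    succeeded, deployed = set(), set()
    for e in entries:
        if not e["path"].startswith("/manager/"):
            continue
        ip = e["ip"]
        if e["status"] in (401, 403):
            failures[ip] += 1
            if e["user"] != "-":
                users[ip].add(e["user"])
        elif e["status"] == 200 and failures[ip] >= threshold:
            # A success only matters once it follows a burst of failures.
            succeeded.add(ip)
            if e["method"] == "PUT" and "/manager/text/deploy" in e["path"]:
                deployed.add(ip)
    return {
        ip: {
            "failed_logins": n,
            "usernames_tried": sorted(users[ip]),
            "login_succeeded": ip in succeeded,
            "deployed_app": ip in deployed,
        }
        for ip, n in failures.items() if n >= threshold
    }


# Names normally owned by kernel threads. A genuine kernel thread has no
# /proc/<pid>/exe target and an empty /proc/<pid>/cmdline.
KERNEL_THREAD_PREFIXES = ("kworker", "kthreadd", "ksoftirqd", "migration",
                          "rcu_", "kswapd", "watchdog")

# Constructed process-table snapshot (not from the report), in the shape of
# /proc/<pid>/{comm,exe,cmdline}: two real kernel threads, Tomcat, and two
# userland binaries posing as kernel threads (one of them a miner).
SAMPLE_PROCS = [
    {"pid": 2,    "comm": "kthreadd",     "exe": "",                  "cmdline": ""},
    {"pid": 15,   "comm": "kworker/0:1",  "exe": "",                  "cmdline": ""},
    {"pid": 1201, "comm": "java",         "exe": "/usr/bin/java",     "cmdline": "java -jar /opt/tomcat/bin/bootstrap.jar"},
    {"pid": 4412, "comm": "kworker/u8:3", "exe": "/tmp/.x/kworker",   "cmdline": "[kworker/u8:3]"},
    {"pid": 4420, "comm": "kswapd0",      "exe": "/var/tmp/kswapd0",  "cmdline": "kswapd0 -o stratum+tcp://pool.example:3333"},
]


def find_kernel_thread_masquerade(procs):
    """Return pids whose name looks like a kernel thread but which carry userland traits."""
    return [p["pid"] for p in procs
            if p["comm"].startswith(KERNEL_THREAD_PREFIXES) and (p["exe"] or p["cmdline"])]


def snapshot_proc(proc_root="/proc"):
    """Build the same process shape from a live Linux /proc. Run as root: without it,
    readlink on another user's exe fails with EACCES and would look like a kernel thread."""
    procs = []
    for name in os.listdir(proc_root):
        if not name.isdigit():
            continue
        base = os.path.join(proc_root, name)
        try:
            with open(os.path.join(base, "comm")) as f:
                comm = f.read().strip()
            with open(os.path.join(base, "cmdline"), "rb") as f:
                cmdline = f.read().replace(b"\0", b" ").decode(errors="replace").strip()
            try:
                exe = os.readlink(os.path.join(base, "exe"))
            except OSError:
                exe = ""
        except OSError:
            continue  # process exited between listing and reading
        procs.append({"pid": int(name), "comm": comm, "exe": exe, "cmdline": cmdline})
    return procs


if __name__ == "__main__":
    print(find_manager_bruteforce(parse_access_log(SAMPLE_ACCESS_LOG)))
    print(find_kernel_thread_masquerade(SAMPLE_PROCS))
```

On the constructed input the first check reports only 203.0.113.7 (five failures, four usernames tried, a later success and a deployment), and the second flags pids 4412 and 4420 while leaving the genuine kworker and kthreadd alone. The process check is deliberately structural rather than name-based: a miner renamed to anything on the prefix list still has an exe link, which is the trait the masquerade cannot remove.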