Chinese hackers target servers running Apache Struts apps
Chinese hackers are using an automated tool to exploit known vulnerabilities in Apache Struts, in order to install backdoors on servers hosting applications developed with the framework.
Apache Struts is a popular open-source framework for developing Java-based Web applications that's maintained by the Apache Software Foundation.
Several security updates were released for Struts this year, including last month, to address highly critical vulnerabilities that could enable remote attackers to execute arbitrary commands on Web servers running applications built with the framework. Hackers have since taken notice and are now actively exploiting those flaws, according to researchers from security firm Trend Micro, who found a tool on Chinese underground forums that automates attacks against vulnerable Struts versions.