Attackers exploited the Spring4Shell remote code execution flaw, tracked as CVE-2022-22965, to gain code execution on vulnerable Spring Framework applications and deploy Mirai botnet malware. Reporting from Trend Micro showed the vulnerability being weaponized shortly after disclosure, with exploitation attempts targeting exposed Java applications that met the conditions for the flaw.
The observed activity linked a high-profile enterprise software vulnerability to commodity botnet operations, demonstrating how internet-facing servers can be rapidly folded into malware infrastructure after public disclosure. In the documented attacks, successful exploitation led to execution of Mirai-related payloads on compromised systems, underscoring the risk of unpatched Spring deployments being used for botnet propagation and follow-on malicious activity.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
1 event from the most recent confirmed update back to the earliest known activity.
Trend Micro published research analyzing exploitation of CVE-2022-22965 (Spring4Shell), including its use to weaponize and execute Mirai botnet malware. The publication indicates technical details of active abuse and attacker tradecraft were publicly documented by this date.
1 reference tracked. Mallory keeps watching after this page renders.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.