Threat Intelligence | April 2, 2025
Tomcat in the Crosshairs: New Research Reveals Ongoing Attacks
By Assaf Morag
Apache Tomcat servers are being actively targeted by threat actors in a new campaign that exploits misconfigurations and known vulnerabilities. Our research reveals the scale and sophistication of these attacks.
The campaign specifically targets misconfigured Tomcat instances, using automated tools to identify and exploit vulnerable deployments. Successful compromises lead to cryptomining, data exfiltration, and lateral movement.
Attack Vectors
- Exploitation of default credentials and weak authentication
- Leveraging unpatched vulnerabilities in Tomcat instances
- Automated scanning and exploitation of exposed management interfaces
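A defender can check a server for the first and third vectors by auditing its own configuration files. The following is an added example, not code from the original research: the function names, the weak-password list and the sample files are constructed for illustration, and it assumes the standard `tomcat-users.xml` layout and a Manager `context.xml` that uses `RemoteAddrValve`.

```python
import re
import xml.etree.ElementTree as ET

ADMIN_ROLES = {"manager-gui", "manager-script", "manager-jmx", "manager-status",
               "admin-gui", "admin-script"}
# Constructed short list of easily guessed passwords (assumption); extend as needed.
WEAK = {"", "tomcat", "admin", "manager", "password", "s3cret", "changeit", "123456"}
OUTSIDE_IP = "203.0.113.10"  # documentation address standing in for an external client

def audit_users(users_xml):
    """Flag tomcat-users.xml accounts with management roles and guessable passwords."""
    findings = []
    for el in ET.fromstring(users_xml).iter():
        if el.tag.rsplit("}", 1)[-1] != "user":  # tolerate the Tomcat XML namespace
            continue
        name, pw = el.get("username", ""), el.get("password", "")
        roles = {r.strip() for r in el.get("roles", "").split(",")} & ADMIN_ROLES
        if roles and (pw.lower() in WEAK or pw.lower() == name.lower()):
            findings.append(f"{name}: guessable password with {sorted(roles)}")
    return findings

def audit_manager_context(context_xml):
    """Flag a Manager context.xml that does not limit client addresses."""
    valves = [v for v in ET.fromstring(context_xml).iter("Valve")
              if v.get("className", "").endswith("RemoteAddrValve")]
    if not valves:
        return ["manager: no RemoteAddrValve, reachable from any address"]
    findings = []
    for v in valves:
        try:  # the valve requires the whole address to match the allow pattern
            if re.fullmatch(v.get("allow", ""), OUTSIDE_IP):
                findings.append("manager: allow pattern admits external clients")
        except re.error:
            findings.append("manager: allow pattern could not be evaluated, review by hand")
    return findings

# Constructed sample files, not taken from any real deployment.
SAMPLE_USERS = """<tomcat-users xmlns="http://tomcat.apache.org/xml">
  <user username="tomcat" password="tomcat" roles="manager-gui,manager-script"/>
  <user username="deploy" password="Xk7#pQ2v!mR9wLz4" roles="manager-script"/>
  <user username="viewer" password="viewer" roles="reports"/>
</tomcat-users>"""
VALVE = '<Context><Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="%s"/></Context>'
SAMPLE_CONTEXT_OPEN = VALVE % ".*"
SAMPLE_CONTEXT_LOCAL = VALVE % r"127\.\d+\.\d+\.\d+|::1"

if __name__ == "__main__":
    for line in audit_users(SAMPLE_USERS) + audit_manager_context(SAMPLE_CONTEXT_OPEN):
        print(line)
```

The context check only evaluates the `allow` attribute; a valve configured with `deny` alone still needs manual review.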