The Apache ActiveMQ vulnerability (CVE-2023-46604), previously associated with various threat streams including ransomware deployment (HelloKitty and LockBit), botnets like Kinsing and Ddostf, and the Lazarus APT, is now being actively exploited by three additional threats, according to a Fortinet report:
GoTitan botnet, designed for carrying out DDoS attacks.
PrCtrl RAT, a trojanized backdoor.
Sliver, a framework for penetration testing that has been frequently misused. It is often employed as an alternative to the more widely known Cobalt Strike.
Clipeus recommends referring to previous reports for full context and also encourages reviewing the Ransomware Watch page, which identifies this vulnerability as one of the primary vectors for ransomware attacks at the moment.