ASEC assessed that Andariel may have abused the Apache ActiveMQ remote code execution flaw CVE-2023-46604 to install NukeSped and TigerRat backdoors on exposed servers. The evidence is circumstantial: the affected system was repeatedly hit after public disclosure of the flaw, showed HelloKitty and downloader activity seen in other ActiveMQ exploitation, and later contained Andariel linked NukeSped. The NukeSped variant supports file download, command execution with result return, and process termination, with encrypted strings and HTTP headers used for C2 commands. The report also links a payload URL at 27.102.128[.]152:8098 to TigerRat activity and lists additional Cobalt Strike, Meterpreter, downloader, and ransomware artifacts seen around the vulnerable server.