At least six different groups of attackers are looking for and exploiting insecure Elasticsearch deployments to abuse servers. Elasticsearch is a distributed search engine platform written in Java designed for processing large data sets. The exploits affect Elasticsearch 1.4.2 and lower, and the malicious scripts deliver different payloads depending on the actor using them. The attacks leverage CVE-2014-3120 and CVE-2015-1427, both of which are only present in old versions of Elasticsearch and exploit the ability to pass scripts to search queries.”]