CyberSecurityBoard
Sponsor Register Login

8220 gang exploits old Oracle WebLogic vulnerability to deliver infostealers, cryptominers

The 8220 gang has been leveraging an old Oracle WebLogic Server vulnerability to distribute malware, the Imperva Threat Research team has found.
Active since 2017, the 8220 gang has been known for deploying cryptocurrency miners on Linux and Windows hosts by exploiting known vulnerabilities.
Earlier this year, Trend Micro researchers revealed that 8220 have been exploiting CVE-2017-3506 - another critical vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware - to gain control of the targeted systems and install cryptominers.
This time around, the gang has tried exploiting CVE-2020-14883, a critical remote code execution vulnerability in Oracle WebLogic Server.
Following the exploit, the attackers download maliciously crafted XML files, allowing code execution, and finally deploy stealer and cryptominer malware.


This Cyber News was published on www.helpnetsecurity.com. Publication date: Wed, 20 Dec 2023 13:13:08 +0000


Cyber News related to 8220 gang exploits old Oracle WebLogic vulnerability to deliver infostealers, cryptominers

8220 gang exploits old Oracle WebLogic vulnerability to deliver infostealers, cryptominers - The 8220 gang has been leveraging an old Oracle WebLogic Server vulnerability to distribute malware, the Imperva Threat Research team has found. Active since 2017, the 8220 gang has been known for deploying cryptocurrency miners on Linux and Windows ...
6 months ago Helpnetsecurity.com
Imperva Detects Undocumented 8220 Gang Activities - Imperva Threat Research has detected previously undocumented activity from the 8220 gang, which is known for the mass deployment of malware using a variety of continuously evolving TTPs. This threat actor has been known to target both Windows and ...
6 months ago Imperva.com
Why Infostealers are Stealing the Security Spotlight - The threat from Malware continues to escalate with infostealers, an increasingly popular variant. Research found that 24% of malware is now infostealers, and it's now one of the most popular topics on the cybercriminal underground. The malicious ...
7 months ago Cybersecurity-insiders.com
Imperva Report Previously Undocumented 8220 Gang Activities - Imperva Threat Research team has recently discovered a previously unreported activity from the 8220 gang, which is well-known for mass-deploying a range of constantly evolving TTPs to distribute malware in large quantities. The threat actor has a ...
6 months ago Cysecurity.news
Securities and Exchange Commission Cyber Disclosure Rules: How to Prepare for December Deadlines - Starting Dec. 18, publicly traded companies will need to report material cyber threats to the SEC. Deloitte offers business leaders tips on how to prepare for these new SEC rules. The U.S. Securities and Exchange Commission’s new rules around ...
7 months ago Techrepublic.com
CVE-2016-0635 - Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2, and 12.3.2; the Oracle Health Sciences Information Manager component in Oracle Health Sciences Applications 1.2.8.3, ...
5 years ago
8220 Hacker Group Attacking Windows and Linux Web Servers - The 8220 hacker group, which was first identified in 2017 by Cisco Talos, is exploiting both Windows and Linux web servers with crypto-jacking malware. One of their recent activities involved the exploitation of Oracle WebLogic vulnerability and ...
6 months ago Gbhackers.com
An Argument for Coordinated Disclosure of New Exploits - There were more than 23,000 vulnerabilities discovered and disclosed. While not all of them had associated exploits, it has become more and more common for there to be a proverbial race to the bottom to see who can be the first to release an exploit ...
1 month ago Darkreading.com
CVE-2006-2472 - Unspecified vulnerability in BEA WebLogic Server 9.1 and 9.0, 8.1 through SP5, 7.0 through SP6, and 6.1 through SP7 allows untrusted applications to obtain private server keys. Hyperlink #907650 has patches for the following products: ...
6 years ago
Oracle’s First Security Update for 2023 Includes 327 New Patches - Oracle has released its first security update of 2023, delivering 327 new security fixes and patching a range of critical vulnerabilities. This update covers products spanning across Oracle’s Cloud portfolio, Fusion Middleware, Hyperion, E-Business ...
1 year ago Securityweek.com
Raspberry Robin devs are buying exploits for faster attacks The Register - Researchers suspect the criminals behind the Raspberry Robin malware are now buying exploits for speedier cyberattacks. An exploit developer is thought by infosec pros to be either on the Raspberry Robin payroll or a close contact that sells them to ...
4 months ago Go.theregister.com
Raspberry Robin malware evolves with early access to Windows exploits - Recent versions of the Raspberry Robin malware are stealthier and implement one-day exploits that are deployed only on systems that are susceptible to them. One-day exploits refer to code that leverages a vulnerability that the developer of the ...
4 months ago Bleepingcomputer.com
CVE-2017-10352 - Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). The supported version that is affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable ...
4 years ago
CVE-2019-2418 - Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3. Difficult to exploit vulnerability allows unauthenticated ...
3 years ago
CVE-2022-21616 - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows high privileged ...
1 year ago
CVE-2006-2471 - Multiple vulnerabilities in BEA WebLogic Server 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 leak sensitive information to remote attackers, including (1) DNS and IP addresses to address to T3 clients, (2) internal sensitive information ...
6 years ago
Research Reveals That Infostealers Target Healthcare Sector Data - New research by Netskope Threat Labs has revealed that infostealers were the primary malware and ransowmare families used to target the healthcare sector. Healthcare was among the top sectors impacted during 2023 by mega breaches, an attack where ...
3 months ago Itsecurityguru.org
Vulnerability Summary for the Week of February 12, 2024 - Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise ...
4 months ago Cisa.gov
CVE-2022-21386 - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows ...
2 years ago
CVE-2022-21361 - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Sample apps). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with ...
2 years ago
CVE-2022-21262 - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network ...
2 years ago
CVE-2022-21257 - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network ...
2 years ago
CVE-2022-21258 - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples). The supported version that is affected is 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP ...
2 years ago
CVE-2022-21261 - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network ...
2 years ago
CVE-2022-21260 - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network ...
2 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)