New Linux malware Hadooken targets Oracle WebLogic servers

September 13, 2024 at 01:11PM
Hackers are focusing on Oracle WebLogic servers to inject them with a new Linux malware called “Hadooken.” This malware initiates a cryptominer and a tool for distributed denial-of-service (DDoS) attacks. Based on the meeting notes, it is evident that there is a significant security concern related to hackers targeting Oracle …

New ‘Hadooken’ Linux Malware Targets WebLogic Servers

September 13, 2024 at 08:03AM
A new Linux malware named Hadooken targets Oracle WebLogic servers to install additional malware and extract credentials. It is deployed through attacks exploiting weak passwords, then downloads shell and Python scripts to ensure successful execution. Hadooken drops a cryptominer and Tsunami malware, and creates cronjobs for persistence. Other ransomware families’ …

New Linux Malware Campaign Exploits Oracle Weblogic to Mine Cryptocurrency

September 13, 2024 at 02:30AM
Cybersecurity researchers have discovered a new malware campaign targeting Linux environments to illicitly mine cryptocurrency, focusing on the Oracle WebLogic server. The malware, named Hadooken, deploys a crypto miner and a DDoS botnet, exploiting vulnerabilities and misconfigurations to spread across connected environments. The campaign is linked to hosting companies in …

8220 Gang Exploits Oracle WebLogic Server Flaws for Cryptocurrency Mining

June 28, 2024 at 08:10AM
Security researchers have uncovered details about the 8220 Gang’s cryptocurrency mining operation, which exploits known vulnerabilities in Oracle WebLogic Server. The threat actor uses fileless execution techniques and a multi-stage loading technique, including dropping a miner payload via PowerShell script. Additionally, a new installer tool called k4spreader has been detailed, used …

Oracle WebLogic Server OS Command Injection Flaw Under Active Attack

June 4, 2024 at 12:06AM
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a security flaw in Oracle WebLogic Server, one that allows unauthorized server access and control, to its catalog of Known Exploited Vulnerabilities. A China-based group, 8220 Gang, has used the flaw for crypto-mining botnet attacks. Federal agencies are advised to apply fixes by …

8220 Gang Exploiting Oracle WebLogic Server Vulnerability to Spread Malware

December 19, 2023 at 02:51AM
The 8220 Gang exploits a high-severity flaw in Oracle WebLogic Server (CVE-2020-14883) to propagate its cryptojacking malware, using known security flaws to distribute it. Imperva documented recent attack chains targeting the healthcare, telecommunications, and financial services sectors in multiple countries. The group relies on simple, publicly available exploits and constantly evolves …