Thursday, October 10, 2024
HomeCryptocurrency hack8220 Gang Exploiting Oracle WebLogic Server Flaw To Deploy Cryptominer

8220 Gang Exploiting Oracle WebLogic Server Flaw To Deploy Cryptominer

Published on

The Oracle WebLogic Server vulnerabilities enable hackers to access unauthorized systems that are used for business data and applications. 

This can enable threat actors to bring in external programs and complete system control, consequently assuming admin privileges. The end result is a breach of information, denial of service attacks, or network propagation of malicious software, among other things. 

Oracle WebLogic Servers are a high-value and broadly implemented technology in organizations, which makes them appealing targets for threat actors who want to achieve maximum impact and monetary gains.

- Advertisement - EHA

Cybersecurity analysts at Broadcom recently discovered that the 8220 gangs have been actively exploiting the Oracle WebLogic server flaw to deploy cryptominer.

8220 Gang Exploiting Oracle WebLogic Server Flaw

The 8220 Gang, a China-affiliated threat group consisting of skilled coders motivated mainly by financial gains, has been operating fairly continuously since 2017. 

This exemplary threat actor has been penetrating high-value entities that include sectors developing sophisticated malware and exploiting vulnerabilities. 

The constant achievement of their ultimate goal—illicit financial gains—combined with new methods and non-detectable schemes has attracted the attention of people all around the globe and raised the levels of defense measures.

Researchers said that this threat group is famous for using malware to mine cryptocurrencies illegally. Its major focus is on Linux servers and cloud-based environments.

The group exploits existing software flaws and then follows several methods, tactics, and procedures (TTPs) to invade systems and gain a stand occasionally.

Looking for Full Data Breach Protection? Try Cynet’s All-in-One Cybersecurity Platform for MSPs: Try Free Demo 

They later divert computational resources to perform secret cryptocurrency mining projects by using it stealthily.

The attackers exploited the following vulnerabilities in one of the recent cyberattacks to insert a cryptocurrency miner:-

For this to happen, threat actors wrote a PowerShell script that enabled them to covertly use mining software on compromised machines by using their system’s resources to mine digital currencies.

The scripts written in PowerShell used a lot of encoding, and in the batch file, there was a section of code that further hides the actual code. 

Due to the utilization of environment variables, the attackers were able to hide the malicious operations, which the security organizations and software would not easily see or detect.

The self-contained infection strategy of the group involved running most of the malware code directly in memory rather than on disk-storage resources, to avoid detection.

Get special offers from ANY.RUN Sandbox. Until May 31, get 6 months of free service or extra licenses. Sign up for free.

Tushar Subhra
Tushar Subhra
Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

Mozilla Warns Of Firefox Zero-Day Actively Exploited In Cyber Attacks

A critical use-after-free vulnerability affecting Firefox and Firefox Extended Support Release (ESR) is being...

SpyCloud Embeds Identity Analytics in Cybercrime Investigations Solution to Accelerate Insider and Supply Chain Risk Analysis & Threat Actor Attribution

IDLink, SpyCloud’s new automated digital identity correlation capability, is now core to its industry-leading...

Abusix and Red Sift Form New Partnership, Leveraging Automation to Mitigate Cyber Attacks

The agreement has marked over 600,000 fraudulent domains for takedown in just two months...

Hackers Exploiting Zero-day Flaw in Qualcomm Chips to Attack Android Users

Hackers exploit a zero-day vulnerability found in Qualcomm chipsets, potentially affecting millions worldwide.The flaw,...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Hackers Exploiting Zero-day Flaw in Qualcomm Chips to Attack Android Users

Hackers exploit a zero-day vulnerability found in Qualcomm chipsets, potentially affecting millions worldwide.The flaw,...

Foxit PDF Reader Vulnerability Let Attackers Execute Arbitary Code

Researchers recently disclosed six new security vulnerabilities across various software, as one critical vulnerability...

Wireshark 4.4.1 Released, What’s new!

Wireshark, the world’s leading network protocol analyzer, has just released version 4.4.1, bringing a...