Monday, February 22, 05:10
Home security DarkIRC botnet: Exploits vulnerabilities in Oracle WebLogic servers!

DarkIRC botnet: Exploits vulnerabilities in Oracle WebLogic servers!

Security researchers say DarkIRC botnet is currently targeting thousands of exposed Oracle WebLogic servers by exploiting vulnerabilities CVE-2020-14882. Hackers can exploit this vulnerability and take full control of a system by sending a simple HTTP GET request. The vulnerability has been assessed as critical, receiving a severity score of 9,8 out of 10, while affecting publications 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0 Oracle WebLogic Server.

The vulnerability was discovered by security researcher "Voidfyoo" of the Chaitin Security Research Lab. In accordance with Shodan, 2.973 Oracle WebLogic servers exposed in Internet are potentially vulnerable to remote attacks exploiting this vulnerability. Most of them systems are located at China (829), followed by USA (526) and the Iran (369).

DarkIRC botnet: Exploits vulnerabilities in Oracle WebLogic servers!

In addition, researchers at Juniper Threat Labs observed at least five different variants of malicious payloads. One of the payloads that researchers have noticed that targets Oracle WebLogic servers is DarkIRC malware currently sold in hacking forums, priced at $ 75.

Searching for the cybercriminals behind this threat, the researchers discovered an account at Hack Forums with the name “Freak_OG” DarkIRC botnet has been advertising since August 2020. However, it is not clear if Freak_OG is behind the recent wave of attacks.

Intruders sent an HTTP GET request to a vulnerable WebLogic server, which ran a PowerShell script to download and run a binary file hosted on cnc [.] C25e6559668942 [.] Xyz.

DarkIRC botnet: Exploits vulnerabilities in Oracle WebLogic servers!

DarkIRC botnet operators used encryption to avoid detection. Additionally, malware implements a function Bitcoin clipper to hack Bitcoin transactions on the infected system, changing the address of the Bitcoin wallet that has been copied to the Bitcoin wallet address of the malware operator.

In October, security researchers at the SANS Technology Institute created a collection of honeypots which allowed them to detect a series of attacks shortly after the publication of the exploit code for vulnerability CVE-2020-14882. Also, in early November, at least one ransomware The gang took advantage of the CVE-2020-14882 vulnerability that affects Oracle WebLogic servers.

Finally, CISA recommends that administrators apply the security update to secure their servers.

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Pohackontas
Pohackontashttps://www.secnews.gr
Every accomplishment starts with the decision to try.

LIVE NEWS

How to make a Facetime Audio call

Tired of low quality cell phone calls? Thanks to FaceTime, you can make high-resolution calls if you use iPhone, iPad, ...

How to add special effects to Instagram messages

Did you know that you can make instant Instagram messages more impressive? Like any other Instagram feature, you can add special ...

Only 270 addresses are responsible for 55% of all money laundering

Cybercriminals who keep their money in cryptocurrencies tend to "launder" money through a small set of online services, according to ...

Twitter: Voice messages are coming! How do we send them?

Twitter will soon support voice messages in both iOS and Android applications. This means that you will be able to send ...

How to connect a Bluetooth headset to a Nintendo Switch

The Nintendo Switch has a headphone jack. However, most headphones have become wireless so you will need a way to connect them ...

How to hide your phone number in Telegram

If you wish to create a Telegram account, you must provide your telephone number. In this way, Telegram validates the ...

Google Assistant: How can you delete your recordings?

Google Assistant can make your daily life much easier. However, it also involves some privacy issues, as ...

Microsoft: Office 2021 / Office LTSC coming in the second half of 2021

Microsoft announced that the Microsoft Office Long Term Service Channel (LTSC) and Office 2021 will be released in 2021, for ...

How to quickly create QR codes with Bing

If you ever need to create a QR code, but you do not know how, Microsoft has an easy-to-use tool available in any program ...

Brave: Onion addresses leaked to DNS traffic

The Tor function included in the Brave web browser, allows users to access .onion dark web domains within ...