Gang Utilizes Vulnerabilities in Oracle WebLogic Server to Mine Cryptocurrency

Published:

spot_img

Cryptocurrency Mining Operation Exploiting Oracle WebLogic Server Flaws: A Threat Analysis & Overview

In a recent analysis published by cybersecurity firm Trend Micro, it has been revealed that the financially motivated threat actor known as Water Sigbin, a part of the infamous 8220 Gang, has been exploiting vulnerabilities in Oracle WebLogic Server for conducting a cryptocurrency mining operation. This operation involves the use of fileless execution techniques to evade detection mechanisms.

The researchers identified that the threat actor leverages vulnerabilities such as CVE-2017-3506, CVE- 2017-10271, and CVE-2023-21839 in Oracle WebLogic Server to gain initial access and deploy the miner payload using a multi-stage loading technique. The malware deploys a PowerShell script to drop a first-stage loader disguised as a legitimate WireGuard VPN application, which then launches another binary in memory with the help of a DLL.

Once the foothold is established, a PureCrypter loader is loaded to exfiltrate hardware information to a remote server and run the miner through scheduled tasks while bypassing Microsoft Defender Antivirus. The command-and-control (C2) server sends encrypted messages with XMRig configuration details, leading to the execution of the miner disguised as a legitimate Microsoft binary.

Additionally, the QiAnXin XLab team has identified a new installer tool called k4spreader used by the 8220 Gang to distribute the Tsunami DDoS botnet and the PwnRig mining program through vulnerabilities in Apache Hadoop YARN, JBoss, and Oracle WebLogic Server.

This revelation emphasizes the increasing sophistication and brazenness of cybercriminals in exploiting vulnerabilities for financial gain. It serves as a reminder for organizations to stay vigilant and update their security measures to protect against such threats.

spot_img

Related articles

Recent articles

Cabinet Approves ₹1.27 Lakh Crore Semicon 2.0 to Strengthen India’s Semiconductor Ecosystem

Cabinet Approves ₹1.27 Lakh Crore Semicon 2.0 to Strengthen India's Semiconductor Ecosystem The Union Cabinet of India, led by Prime Minister Narendra Modi, has officially...

TuxBot v3 Evolution Reveals LLM-Assisted IoT Botnet Development with Enhanced Capabilities

TuxBot v3 Evolution Reveals LLM-Assisted IoT Botnet Development with Enhanced Capabilities Recent cybersecurity research has unveiled a new Internet-of-Things (IoT) botnet framework known as TuxBot...

Hackers Expose 19,000 Files, Including Nuclear Blueprints, from India’s Largest Plant on Dark Web

Hackers Expose 19,000 Files, Including Nuclear Blueprints, from India's Largest Plant on Dark Web A significant cybersecurity breach has emerged involving the Kudankulam Nuclear Power...

Australia-India PACTS Advances Cybersecurity and Technology Cooperation

Australia-India PACTS Advances cybersecurity and Technology Cooperation Australia and India have launched the Australia-India Partnership on Cyber, Critical Technologies, and Supply Chains (PACTS), a strategic...