Old Oracle WebLogic vulnerability leveraged in cryptomining attacks

Oracle WebLogic servers vulnerable to CVE-2017-3506, a flaw that could be exploited for arbitrary command execution, are being targeted by the cryptojacking operation 8220 Gang to facilitate cryptomining malware distribution, according to The Hacker News. 8220 Gang is leveraging the vulnerability to drop a PowerShell payload, which serves as the basis for a separate PowerShell script that helps elude detection by the Windows Antimalware Scan Interface before fetching another obfuscated payload, a Trend Micro report showed.

Read full article on SC Magazine

 

