The threat actors associated with the 8220 Gang have been observed exploiting a high-severity flaw in Oracle WebLogic Server to propagate their malware.
The security shortcoming is CVE-2020-14883 (CVSS score: 7.2), a remote code execution bug that could be exploited by authenticated attackers to take over susceptible servers.
“This vulnerability allows remote authenticated attackers to execute code using a gadget chain and is usually chained with CVE-2020-14882 (an authentication bypass vulnerability also affecting Oracle WebLogic Server) or the use of leaked, stolen, or weak credentials,” Imperva said in a report published last week.
The 8220 Gang has a history of leveraging known security flaws to distribute cryptojacking malware. Earlier this May, the group was observed using a different shortcoming in Oracle WebLogic servers (CVE-2017-3506, CVSS score: 7.4) to rope the machines into a crypto-mining botnet.
New attack chains documented by Imperva involve the exploitation of CVE-2020-14883 to process specially crafted XML files and ultimately run code responsible for deploying stealer and coin-mining malware such as Agent Tesla, rhajk, and nasqa.
“The group appears to be opportunistic when selecting their targets, with no clear trend in location or industry,” Imperva security researcher Daniel Johnston said.
Targets of the campaign include the healthcare, telecommunications, and financial services sectors in the U.S., South Africa, Spain, Colombia, and Mexico.
“The group relies on simple, publicly available exploits to target well-known vulnerabilities and exploit easy targets to achieve their objectives,” Johnston added. “Although considered unsophisticated, they are continually evolving their tactics and techniques to evade detection.”
Some parts of this article are sourced from:
thehackernews.com