Lucene search

K
thnThe Hacker NewsTHN:BAEFC84908358E8DE4118D3FEDE0AF82
HistoryDec 19, 2023 - 6:58 a.m.

8220 Gang Exploiting Oracle WebLogic Server Vulnerability to Spread Malware

2023-12-1906:58:00
The Hacker News
thehackernews.com
46
8220 gang
oracle weblogic server
cve-2020-14883
cve-2020-14882
malware
exploitation
security flaws
imperva
target sectors
countries

AI Score

8.2

Confidence

Low

EPSS

0.975

Percentile

100.0%

WebLogic Server Vulnerability

The threat actors associated with the 8220 Gang have been observed exploiting a high-severity flaw in Oracle WebLogic Server to propagate their malware.

The security shortcoming is CVE-2020-14883 (CVSS score: 7.2), a remote code execution bug that could be exploited by authenticated attackers to take over susceptible servers.

“This vulnerability allows remote authenticated attackers to execute code using a gadget chain and is commonly chained with CVE-2020-14882 (an authentication bypass vulnerability also affecting Oracle Weblogic Server) or the use of leaked, stolen, or weak credentials,” Imperva said in a report published last week.

Cybersecurity

The 8220 Gang has a history of leveraging known security flaws to distribute cryptojacking malware. Earlier this May, the group was spotted utilizing another shortcoming in Oracle WebLogic servers (CVE-2017-3506, CVSS score: 7.4) to rope the devices into a crypto mining botnet.

Recent attack chains documented by Imperva entail the exploitation of CVE-2020-14883 to specially craft XML files and ultimately run code responsible for deploying stealer and coin mining malware such as Agent Tesla, rhajk, and nasqa.

Oracle WebLogic

“The group appears to be opportunistic when selecting their targets, with no clear trend in country or industry,” Imperva security researcher Daniel Johnston said.

Targets of the campaign include healthcare, telecommunications, and financial services sectors in the U.S., South Africa, Spain, Columbia, and Mexico.

“The group relies on simple, publicly available exploits to target well-known vulnerabilities and exploit easy targets to achieve their objectives,” Johnston added. “While considered unsophisticated, they are constantly evolving their tactics and techniques to evade detection.”

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.