Security News > 2020 > November > Chinese-linked Muhstik botnet targets Oracle WebLogic, Drupal
Muhstik is a botnet that leverages known web application exploits to compromise IoT devices, such as routers, to mine cryptocurrency.
Although Muhstik botnet has been around for at least 2018, in December 2019, Palo Alto Networks had identified a new variant of the botnet attacking and taking over Tomato routers.
Some of the vulnerabilities exploited by Muhstik include Oracle WebLogic Server bugs and Drupal RCE flaw.
The IRC servers are the C2 infrastructure powering the Muhstik botnet.
"Usually Muhstik will be instructed to download an XMRrig miner and a scanning module. The scanning module is used for growing the botnet through targeting other Linux servers and home routers," Hall continued.