
Critical Oracle WebLogic flaw actively exploited by DarkIRC malware
2020-12-01 11:30

A botnet known as DarkIRC is actively targeting thousands of exposed Oracle WebLogic servers in attacks designed to exploit the CVE-2020-14882 remote code execution vulnerability fixed by Oracle two months ago.

According to a Juniper Threat Labs report, almost 3,000 Oracle WebLogic servers are reachable over the Internet, based on Shodan stats, and allow unauthenticated attackers to execute remote code on targeted servers.

While attackers are currently targeting potentially vulnerable WebLogic servers using at least five different payloads, the most interesting is the DarkIRC malware, which is "currently being sold on hack forums for $75."

Critical WebLogic flaw also targeted in previous attacks.

Last month, attackers also targeted Oracle WebLogic servers vulnerable to CVE-2020-14882 exploits to deploy Cobalt Strike beacons that allow for persistent remote access to compromised servers for harvesting information and deploying second stage malware payloads.


News URL

https://www.bleepingcomputer.com/news/security/critical-oracle-weblogic-flaw-actively-exploited-by-darkirc-malware/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2020-10-21 | CVE-2020-14882 | Unspecified vulnerability in Oracle Weblogic Server. Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). | network, low complexity, oracle, critical, 9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Oracle 781 388 3148 2078 432 6046