Security News > 2020 > December > Critical Oracle WebLogic flaw actively exploited by DarkIRC malware
A botnet known as DarkIRC is actively targeting thousands of exposed Oracle WebLogic servers in attacks designed to exploit the CVE-2020-14882 remote code execution vulnerability fixed by Oracle two months ago.
Almost 3,000 Oracle WebLogic servers are reachable over the Internet based on Shodan stats and allow unauthenticated attackers to execute remote code on targeted servers according to a Juniper Threat Labs report.
While attackers are currently targeting potentially vulnerable WebLogic servers using at least five different payloads, the most interesting is the DarkIRC malware "Currently being sold on hack forums for $75.".
Critical WebLogic flaw also targeted in previous attacks.
Last month, attackers also targeted Oracle WebLogic servers vulnerable to CVE-2020-14882 exploits to deploy Cobalt Strike beacons that allow for persistent remote access to compromised servers for harvesting information and deploying second stage malware payloads.
News URL
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-10-21 | CVE-2020-14882 | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). | 10.0 |