
8220 gang exploits old Oracle WebLogic vulnerability to deliver infostealers, cryptominers
2023-12-20 12:59

The 8220 gang has been leveraging an old Oracle WebLogic Server vulnerability to distribute malware, the Imperva Threat Research team has found.

Active since 2017, the 8220 gang has been known for deploying cryptocurrency miners on Linux and Windows hosts by exploiting known vulnerabilities.

"The group relies on simple, publicly available exploits to target well-known vulnerabilities and exploit easy targets to achieve their objectives. While considered unsophisticated, they are constantly evolving their tactics and techniques to evade detection," noted Daniel Johnston, security analyst at Imperva.

Earlier this year, Trend Micro researchers revealed that the 8220 gang had been exploiting CVE-2017-3506 - another critical vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware - to gain control of targeted systems and install cryptominers.

This time around, the gang has tried exploiting CVE-2020-14883, a critical remote code execution vulnerability in Oracle WebLogic Server.

"This vulnerability allows remote authenticated attackers to execute code using a gadget chain and is commonly chained with CVE-2020-14882 or the use of leaked, stolen, or weak credentials," Johnston explained.

News URL

https://www.helpnetsecurity.com/2023/12/20/8220-oracle-weblogic-vulnerability/

Related Vulnerability

DATE        CVE             VULNERABILITY TITLE                                   VECTOR   COMPLEXITY       VENDOR  RISK      SCORE
2020-10-21  CVE-2020-14882  Unspecified vulnerability in Oracle WebLogic Server   network  low complexity   oracle  critical  10.0
            Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console).
2020-10-21  CVE-2020-14883  Unspecified vulnerability in Oracle WebLogic Server   network  low complexity   oracle  critical  9.0
            Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console).
2017-04-24  CVE-2017-3506   Unspecified vulnerability in Oracle WebLogic Server   network  high complexity  oracle            7.4
            Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services).

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Oracle 973 1146 6140 1140 730 9156