8220 Gang Exploiting Oracle WebLogic Flaw to Hijack Servers and Mine Cryptocurrency – The Hacker News

The notorious cryptojacking group tracked as 8220 Gang has been spotted weaponizing a six-year-old security flaw in Oracle WebLogic servers to ensnare vulnerable instances into a botnet and distribute cryptocurrency mining malware.

The flaw in question is CVE-2017-3506 (CVSS score: 7.4), which, when successfully exploited, could allow an unauthenticated attacker to execute arbitrary commands remotely.

"This allows attackers to gain unauthorized access to sensitive data or compromise the entire system," Trend Micro researcher Sunil Bharti said in a report published this week.

8220 Gang, first documented by Cisco Talos in late 2018, is so named for its original use of port 8220 for command-and-control (C2) network communications.

"8220 Gang identifies targets via scanning for misconfigured or vulnerable hosts on the public internet," SentinelOne noted last year. "8220 Gang is known to make use of SSH brute force attacks post-infection for the purposes of lateral movement inside a compromised network."

Earlier this year, Sydig detailed attacks mounted by the "low-skill" crimeware group between November 2022 and January 2023 that aim to breach vulnerable Oracle WebLogic and Apache web servers and deploy a cryptocurrency miner.

It has also been observed making use of an off-the-shelf malware downloader known as PureCrypter as well as a crypter codenamed ScrubCrypt to conceal the miner payload and evade detection by security software.

In the latest attack chain documented by Trend Micro, the Oracle WebLogic Server vulnerability is leveraged to deliver a PowerShell payload, which is then used to create another obfuscated PowerShell script in memory.

This newly created PowerShell script disables Windows Antimalware Scan Interface (AMSI) detection and launches a Windows binary that subsequently reaches out to a remote server to retrieve a "meticulously obfuscated" payload.

The intermediate DLL file, for its part, is configured to download a cryptocurrency miner from one of the three C2 servers 179.43.155[.]202, work.letmaker[.]top, and su-94.letmaker[.]top using TCP ports 9090, 9091, or 9092.

Trend Micro said recent attacks have also entailed the misuse of a legitimate Linux tool called lwp-download to save arbitrary files on the compromised host.

"lwp-download is a Linux utility present in a number of platforms by default, and 8220 Gang making this a part of any malware routine can affect a number of services even if it were reused more than once," Bharti said.

"Considering the threat actor's tendency to reuse tools for different campaigns and abuse legitimate tools as part of the arsenal, organizations' security teams might be challenged to find other detection and blocking solutions to fend off attacks that abuse this utility."

Original post:

8220 Gang Exploiting Oracle WebLogic Flaw to Hijack Servers and Mine Cryptocurrency - The Hacker News

Trump Signs Executive Actions Related to Cryptocurrency, AI - Bloomberg - January 24th, 2025 [January 24th, 2025]
Trump signs executive orders on AI, cryptocurrency and issues more pardons - VOA Asia - January 24th, 2025 [January 24th, 2025]
Sothebys to accept cryptocurrency payments in upcoming Saudi Arabia auction. - Artsy - January 24th, 2025 [January 24th, 2025]
Davos 2025: Is the cryptocurrency era about to begin? - World Economic Forum - January 24th, 2025 [January 24th, 2025]
1 Top Cryptocurrency to Buy Right Now (Hint: It's Not Bitcoin) - The Motley Fool - January 24th, 2025 [January 24th, 2025]
McLennan County sheriff warns about cryptocurrency scams & how to avoid them - 25 News KXXV and KRHD - January 24th, 2025 [January 24th, 2025]
Warren Buffett who once called crypto a 'rat poison' has now invested in cryptocurrency; here's how and wh - The Economic Times - January 24th, 2025 [January 24th, 2025]
Why is XRP Up Today? Cryptocurrency Rises on Market Volatility and Regulatory Optimism - CryptoGlobe - January 24th, 2025 [January 24th, 2025]
Bitcoin jumps 2.5% after Trump's executive order on cryptocurrency markets - News.Az - January 24th, 2025 [January 24th, 2025]
Trump Signs Order to form Cryptocurrency Working Group and Prohibits CBDC - CryptoNinjas - January 24th, 2025 [January 24th, 2025]
Bitcoin soars past $100,000 ahead of possible Trump early action on cryptocurrency - PBS NewsHour - January 24th, 2025 [January 24th, 2025]
Trumps Cryptocurrency Surges to Become One of the Worlds Most Valuable - The New York Times - January 24th, 2025 [January 24th, 2025]
Why the Official Trump Cryptocurrency Is Skyrocketing - The Motley Fool - January 24th, 2025 [January 24th, 2025]
Police struggling to keep pace with cryptocurrency fraudsters - CBC.ca - January 24th, 2025 [January 24th, 2025]
Donald and Melania Trump launch cryptocurrency meme coins before inauguration - Business Insider - January 24th, 2025 [January 24th, 2025]
Coinbase executive: Trump's executive order on cryptocurrency and AI will definitely change the fundamentals - ChainCatcher - January 24th, 2025 [January 24th, 2025]
Ripple (XRP) or Bitcoin: This Investor Chooses the Superior Cryptocurrency to Buy - TipRanks - January 24th, 2025 [January 24th, 2025]
JPMorgan: This year's cryptocurrency venture capital funding is expected to rise, but will not reach previous highs - ChainCatcher - January 24th, 2025 [January 24th, 2025]
Phemex's stolen $69.1 million in cryptocurrency is distributed across chains such as Ethereum and Solana - ChainCatcher - January 24th, 2025 [January 24th, 2025]
How Trump's New Cryptocurrency Token Has Affected His Net Worth - Newsweek - January 24th, 2025 [January 24th, 2025]
Trump may exclude the Federal Reserve and FDIC from the cryptocurrency working group - ChainCatcher - January 24th, 2025 [January 24th, 2025]
1 Top Cryptocurrency to Buy Before It Soars 1,477%, According to Cathie Wood - The Motley Fool - January 6th, 2025 [January 6th, 2025]
Trump to set the course for cryptocurrency market this year with his cabinet - Hurriyet Daily News - January 6th, 2025 [January 6th, 2025]
Happy Birthday, Bitcoin! The top cryptocurrency is old enough to drive - Quartz - January 6th, 2025 [January 6th, 2025]
XRP Overtakes Tether to Become Third-Largest Cryptocurrency - "The Defiant" - The Defiant - DeFi News - January 6th, 2025 [January 6th, 2025]
Irans Crackdown on Cryptocurrency Exchanges: A Blow to Digital Economy and Livelihoods - Iran News Update - January 6th, 2025 [January 6th, 2025]
Top 10 cryptocurrency rankings on January 1 2025 vs 2024 sees Avalanche replaced by Tron - CryptoSlate - January 6th, 2025 [January 6th, 2025]
Founder of collapsed cryptocurrency to stand trial in US - Global Investigations Review - January 6th, 2025 [January 6th, 2025]
My Top Cryptocurrency to Buy in 2025 - The Motley Fool - January 6th, 2025 [January 6th, 2025]
Weekly Cryptocurrency Market Analysis: Altcoins Continue Their Upward Trend And Mark Higher Highs And Lows - CoinIdol - January 6th, 2025 [January 6th, 2025]
Cryptocurrency prices surge this year as bitcoin, altcoins gain - Tech in Asia - January 6th, 2025 [January 6th, 2025]
Montenegro extradites cryptocurrency mogul to the United States - The Associated Press - January 6th, 2025 [January 6th, 2025]
XRP Flips USDT to Become the 3rd Largest Cryptocurrency - Crypto Times - January 6th, 2025 [January 6th, 2025]
Top New Cryptocurrency to Buy: 5 Tokens Ready to Explode in 2025 - NFTevening.com - January 6th, 2025 [January 6th, 2025]
Singapore Emerges as Asias Leading Cryptocurrency Hub with Risk-Adjusted Regulations - Brave New Coin Insights - January 6th, 2025 [January 6th, 2025]
Bitcoins Bright Outlook for 2025: What to Expect for the Cryptocurrency Market - The Currency Analytics - January 6th, 2025 [January 6th, 2025]
Cryptocurrency Price Today (January 6): Bitcoin Nearly Touches $100k, SPX Becomes Top Gainer - ABP Live - January 6th, 2025 [January 6th, 2025]
Bitwise CEO: The Trump administration may promote merger and acquisition trends, accelerating the development of the cryptocurrency industry -... - January 6th, 2025 [January 6th, 2025]
We conducted a survey of 42 key figures in the Solana ecosystem. What are their views on the cryptocurrency industry? - ChainCatcher - January 6th, 2025 [January 6th, 2025]
The cryptocurrency market sector rose slightly, with the DePIN sector leading again with a gain of 3.54%, while AI Agents and the Hyperliquid... - January 6th, 2025 [January 6th, 2025]
Peter Tassiopoulos Explores Cryptocurrency Fundamentals and Technological Innovations Shaping this Financial Revolution - InvestorNews Inc. - January 6th, 2025 [January 6th, 2025]
Launch the next big cryptocurrency presale inspired by Dogecoin with Blocksync - crypto.news - January 6th, 2025 [January 6th, 2025]
The Role of Stablecoins in the Cryptocurrency Ecosystem - BNO News - December 8th, 2024 [December 8th, 2024]
Bitcoin hits $100,000: what next for the booming cryptocurrency? - BBC.com - December 8th, 2024 [December 8th, 2024]
'Victimizing vulnerable people': OPD and DCSO working to combat cryptocurrency scams - KETV Omaha - December 8th, 2024 [December 8th, 2024]
1 Top Cryptocurrency to Buy Before It Soars 157%, According to Billionaire Venture Capitalist Tim Draper - The Motley Fool - December 8th, 2024 [December 8th, 2024]
From Bitcoin to XRP: Key cryptocurrency terms and what they mean - BBC - December 8th, 2024 [December 8th, 2024]
This $3,000 Android Trojan Targeting Banks and Cryptocurrency Exchanges - The Hacker News - December 8th, 2024 [December 8th, 2024]
Cryptocurrency Trading Is Now Bigger Than Stocks in South Korea - Bloomberg - December 8th, 2024 [December 8th, 2024]
Trump names former PayPal exec David Sacks as his White House AI and cryptocurrency 'czar' - USA TODAY - December 8th, 2024 [December 8th, 2024]
XRP Is Now The Fourth Largest Cryptocurrency After $100 Billion Post-Election Surge - Forbes - December 8th, 2024 [December 8th, 2024]
New cryptocurrency to mine for free: how to choose the right one - crypto.news - December 8th, 2024 [December 8th, 2024]
The Bitcoin Bounce: Cryptocurrency surges following election - WTVG - December 8th, 2024 [December 8th, 2024]
Hackers Stole $1.49 Billion in Cryptocurrency to Date in 2024 - SecurityWeek - December 8th, 2024 [December 8th, 2024]
Bitcoin at $90K and XAI240Ks Ascent: The Future of Cryptocurrency - TechBullion - December 8th, 2024 [December 8th, 2024]
Up 137%, Should This Red-Hot Artificial Intelligence Cryptocurrency Be in Your Portfolio for 2025? - The Motley Fool - December 8th, 2024 [December 8th, 2024]
Cryptocurrency's Global Adoption Likened To Early Internet Era - Binance - December 8th, 2024 [December 8th, 2024]
The rise of digital currencies in Southeast Asia: How cryptocurrency exchanges are driving adoption - Nation Thailand - December 8th, 2024 [December 8th, 2024]
Best Crypto To Invest In 2025 | Top 10 Cryptocurrency Coins To Invest For the Bull Run - Techpoint Africa - December 8th, 2024 [December 8th, 2024]
Hawk Tuahs Back, This Time With A Cryptocurrency Scam - Riverfront Times - December 8th, 2024 [December 8th, 2024]
Editorial by The (Oneonta, N.Y.) Daily Star: Understanding the complex world of cryptocurrency is vital - New Castle News - December 8th, 2024 [December 8th, 2024]
Justin Sun eats $6.2 million Comedian banana artwork in bold fusion of art and cryptocurrency says Its - The Times of India - November 30th, 2024 [November 30th, 2024]
In Our Opinion: Understanding the complex world of cryptocurrency is vital - cnhinews.com - November 30th, 2024 [November 30th, 2024]
Best Cryptocurrency Investments of 2024 | Top 4 Coins to Hold Now - TCU - November 30th, 2024 [November 30th, 2024]
Cryptocurrency Investment Strategies: Rational Asset Allocation, Robust Leverage, and Effective Trading Strategies - ChainCatcher - November 30th, 2024 [November 30th, 2024]
Cryptocurrency: 3 Coins Poised To End 2024 With 200% Gains - Watcher Guru - November 30th, 2024 [November 30th, 2024]
Stop Thinking Backwards: The True Power of Cryptocurrency for CRYPTOCAP:TOTAL2 by MoNi_MoN - TradingView - November 30th, 2024 [November 30th, 2024]
Why Cryptocurrency Is Back in the Art Market - Artsy - November 28th, 2024 [November 28th, 2024]
Behind the Future of Finance: How Cryptocurrency Ownership Shapes the Market - Brave New Coin Insights - November 28th, 2024 [November 28th, 2024]
Is Trump Media Going to Acquire a Cryptocurrency Trading Business? Here's What That Could Mean for the Stock. - The Motley Fool - November 28th, 2024 [November 28th, 2024]
Is Trump Media Going to Acquire a Cryptocurrency Trading Business? Here's What That Could Mean for the Stock. - Yahoo Finance - November 28th, 2024 [November 28th, 2024]
Best Crypto To Invest | Top 10 Cryptocurrency Coins To Buy For the Crypto Bull Run - Brave New Coin Insights - November 28th, 2024 [November 28th, 2024]
Cryptocurrency is Basketcase Asset With no Intrinsic Value, Wealth Experts Argue - ValueWalk - November 28th, 2024 [November 28th, 2024]
How cryptocurrency is entering mainstream giving in Hawaii schools - The Business Journals - November 28th, 2024 [November 28th, 2024]
Cryptocurrency: 3 Coins To Buy Before Bitcoin Reclaims $99K Mark - Watcher Guru - November 28th, 2024 [November 28th, 2024]
Trump Pushing CFTC To Oversee the Cryptocurrency Industry - Watcher Guru - November 28th, 2024 [November 28th, 2024]
Cryptocurrency Market Surges on Trump Presidency: Here Are 5 Worth Buying Now - The Motley Fool - November 28th, 2024 [November 28th, 2024]
Cryptocurrency: Top 3 Coins That May Surge 200% In December 2024 - Watcher Guru - November 28th, 2024 [November 28th, 2024]
Cryptocurrency Scammers Are Trying to Exploit Typos in Your Digital Wallet - The Debrief - November 28th, 2024 [November 28th, 2024]
Could Vancouver's public funds be used for investments in cryptocurrency? - CTV News Vancouver - November 28th, 2024 [November 28th, 2024]

May 20th, 2023

No comments yet

Comments are closed.

Mediaboss Marketing

8220 Gang Exploiting Oracle WebLogic Flaw to Hijack Servers and Mine Cryptocurrency – The Hacker News

About

Pages

Categories

Media Sites

Recommended Sites

Archives