"8220 Gang Exploits Old Oracle WebLogic Vulnerability to Deliver Infostealers, Cryptominers"

According to the Imperva Threat Research team, the 8220 gang has been exploiting an old Oracle WebLogic Server vulnerability, tracked as CVE-2020-14883, to spread malware. The 8220 gang has been active since 2017, deploying cryptocurrency miners on Linux and Windows hosts by exploiting known vulnerabilities. The group uses publicly available exploits that target well-known vulnerabilities. Although the group is considered unsophisticated, it is constantly changing tactics to avoid detection. Trend Micro researchers revealed earlier this year that 8220 had been exploiting CVE-2017-3506, another critical vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware, to take over targeted systems and launch cryptocurrency miners. This article continues to discuss the 8220 gang's exploitation of a critical Remote Code Execution (RCE) vulnerability in Oracle WebLogic Server.

