MY BRAND BOOK Chinese-linked Muhstik botnet targets Oracle WebLogic, Drupal

Chinese-linked Muhstik botnet targets Oracle WebLogic, Drupal

By MYBRANDBOOK

A security firm confirmed the Muhstik botnet, has been operating for at least two years, has recently started targeting vulnerabilities in the Oracle WebLogic application server and the Drupal content management system as a way to expand its cryptocurrency mining capabilities, according to the security firm.

Researchers earlier found that Muhstik targeted vulnerable IoT devices, such as routers, to grow its malicious network and perform other tasks, such as mining for cryptocurrency or launching distributed denial-of-service attacks.

The operators behind Muhstik are targeting vulnerabilities in web applications to increase the botnet's reach. This includes two vulnerabilities in Oracle WebLogic, which is used to help build and deploy enterprise Java EE applications.

Those flaws are tracked as CVE-2019-2725 and CVE-2017-10271One of the Oracle WebLogic vulnerabilities, CVE-2019-2725, was disclosed over a year ago, when researchers from Palo Alto Networks Unit 42 warned that it could be used to mine for cryptocurrency or deploy ransomware.

The Lacework researchers note that Muhstik continues to use the IRC protocol to communicate with its command-and-control server, which is fairly common for botnets.

Muhstik then attempts to download other malicious code within the infected device or web application. This includes the XMRig malware that is being increasingly used to mine for cryptocurrency, such as monero.

The botnet also attempts to download a scanning module that searches for other vulnerable applications or connected devices and then attempts to connect those to its malicious infrastructure, according to the report.

"Usually, Muhstik will be instructed to download an XMRig miner and a scanning module. The scanning module is used for growing the botnet through targeting other Linux servers and home routers," Chris Hall, a cloud security researcher at Lacework, notes in the report.

The researchers also found the Muhstik botnet leverages source code from the Mirai botnet. This includes a memory scraper, which can kill other malware within a device.

BREAKING NEWS

Cisco announces AI-native secure Wi-Fi 7 for future-ready employe...

Announcing a major leap in wireless technology, Cisco has launched its Wi...

The BSE benchmark Sensex tumbled over 800 points, leaving investo...

The BSE benchmark Sensex recently experienced a significant drop, tumblin...

North Korean GPS Interference Disrupts Air Traffic...

South Korea's military has publicly accused North Korea of disrupting GP...

US ordered TSMC to halt chip shipments to China...

TSMC has had regular discussions with the government on export control issu...

TECHNO TRENDS

Nazara and ONDC set to transform in-game monetization with ‘

Nazara Technologies has teamed up with the Open Network for Digital Comme...

Jio Platforms and NICSI to offer cloud services to government

In a collaborative initiative, the National Informatics Centre Services In...

BSNL awards ₹5,000 Cr Project to RVNL-Led Consortium

A syndicate led by Rail Vikas Nigam Limited (abbreviated as RVNL), along wi...

Pinterest tracks users without consent, alleges complaint

A recent complaint alleges that Pinterest, the popular image-sharing platf...

E-Magazine

TECHNOTAINMENT

Eloelo teams up with Elvish Yadav for India's biggest digital

Netflix adds 'Moments' feature for saving, sharing scenes from

Netflix has introduced a new “Moments” feature on its mobile app, whic

Jacqueline Fernandez come together with YouTuber Mr. Beast for

Jacqueline Fernandez has partnered with American YouTuber Mr. Beast to b

MOVERS & SHAKERS

Kamal Nath quits SIFY Technologies

Visa elevates Rishi Chhabra as new Country Manager for India

Rishi holds a Master’s in Industrial Engineering from The Ohio State Univ

Genesys welcomes Albert Nel as Senior VP and Regional Sales Le

Genesys continues to deepen its investment in the APAC region. Earlier this

OPEN YOUR EYES

How Work From Home Brings Various Security Challenges

No road block for the cyber espionage cases

Digital Strategies Focuses On Technology To Improve Business Performance

India is moving towards the path of self-reliance

CIO’s should have the understanding "Jugaad" to overcome technology challenges

INTERVIEWS

Alcatel-Lucent Enterprise Carrying a 100 year legacy ahead

AMD Pensando driving innovation in the DPU architecture space

AMD Pensando stands out in the DPU (Data Processing Unit) market with its u

Delivering Critical Business Communication Solutions to Enterp

Arya Omnitalk and Syntel’s comprehensive suite of solutions and more than

HOT PICK

BOULT unveils AmpVault V10 & V20 powerbanks: Fast charging, sa

SonicWall Launches TZ80: A Powerful Solution for Remote Office

SonicWall announced today the launch of the TZ80, a groundbreaking securit

Gigabyte X3D Turbo: A Gaming Revolution

GIGABYTE X3D Turbo Mode is a cutting-edge feature that unifies cores distr

MAKE IN INDIA BRANDS

DIGISOL SYSTEMS LTD.

TECHROUTES NETWORK PRIVATE LIMITED

ADITYA INFOTECH LTD.

ACER INDIA PVT. LTD.

EMINENT CIO'S OF INDIA

GAINING CUSTOMERS’ TRUST IS ESSENTIAL FOR SMOOTH OMNICHANNEL INTERACTIONS

In the fiscal year 2024-25, our organization has i...

AIM TO PUT IA SOLUTIONS WITH A WIDE “GENERAL INTELLIGENCE” SCOPE INTO PRACTICE

Our firm is fortunate to be led by distinguished i...

AI TO IMPROVE INSIGHTS THROUGH AUGMENTED ANALYTICS, WHILE EDGE COMPUTING TO ALLOW REAL-TIME PROCESSING

For the fiscal year 2024-25, our organization has ...

ICONS OF INDIA

Icons Of India : NATARAJAN CHANDRASEKARAN

Natarajan Chandrasekaran (Chandra) is the Chairman of Tata Sons, the h...

Icons Of India : Puneet Chandok

Puneet Chandok is President, Microsoft India & South Asia and is respo...

ICONS OF INDIA : SHAILENDER KUMAR

Shailender Kumar is senior vice president and regional managing direct...

PARTNER SPEAKERS

Hybrid Multicloud - The De Facto Industry Standard

In 2019, the world generated 4.4 zettabytes of data. In one year, it increased...

"We will either find a way or make one"

A provider of high-quality IT products and services, Bluecom Infotech caters t...

Empowering clients with innovative solutions to thrive in evolving digital landscape

Hitachi Systems India employs a multifaceted approach to assess brand awarenes...

PSU

CERT-IN - Indian Computer Emergency Response Team

CERT-In is a national nodal agency for responding to computer security...

LIC - Life Insurance Corporation of India

LIC is the largest state-owned life insurance company in India...

BSE - Bombay Stock Exchange

The Bombay Stock Exchange (BSE) is one of India’s largest and oldest...

VIDEOS

Top 25 Brands

Most Trusted Brands 2024 : AMD

Advanced Micro Devices (AMD) has been a key player in the semiconductor indust...

Most Trusted Brands 2024 : Intel Corporation

Intel Corporation continually pushes the boundaries of processor performance, ...

Most Trusted Brands 2024: BHARTI AIRTEL LTD.

Airtel is a global communications solutions provider serving over 500 million ...

Global Indian industry

Indian Tech Talent Excelling The Tech World - Dheeraj Pandey, CEO, DevRev

Dheeraj Pandey, Co-founder and CEO at DevRev , has a remarkable journe...

Indian Tech Talent Excelling The Tech World - REVATHI ADVAITHI, CEO- Flex

Revathi Advaithi, the CEO of Flex, is a dynamic leader driving growth ...

Indian Tech Talent Excelling The Tech World - Aneel Bhusri, CEO, Workday

Aneel Bhusri, Co-Founder and Executive Chair at Workday, has been a le...

STARNITE AWARDS 2024

ITFORUM 2024

CMO of the Year

WOMEN LEADERSHIP

IMAGE GALLERY

TRENDS IN TECHNOLOGY