Chinese-linked Muhstik botnet targets Oracle WebLogic, Drupal
By MYBRANDBOOK
A security firm confirmed the Muhstik botnet, has been operating for at least two years, has recently started targeting vulnerabilities in the Oracle WebLogic application server and the Drupal content management system as a way to expand its cryptocurrency mining capabilities, according to the security firm.
Researchers earlier found that Muhstik targeted vulnerable IoT devices, such as routers, to grow its malicious network and perform other tasks, such as mining for cryptocurrency or launching distributed denial-of-service attacks.
The operators behind Muhstik are targeting vulnerabilities in web applications to increase the botnet's reach. This includes two vulnerabilities in Oracle WebLogic, which is used to help build and deploy enterprise Java EE applications.
Those flaws are tracked as CVE-2019-2725 and CVE-2017-10271One of the Oracle WebLogic vulnerabilities, CVE-2019-2725, was disclosed over a year ago, when researchers from Palo Alto Networks Unit 42 warned that it could be used to mine for cryptocurrency or deploy ransomware.
The Lacework researchers note that Muhstik continues to use the IRC protocol to communicate with its command-and-control server, which is fairly common for botnets.
Muhstik then attempts to download other malicious code within the infected device or web application. This includes the XMRig malware that is being increasingly used to mine for cryptocurrency, such as monero.
The botnet also attempts to download a scanning module that searches for other vulnerable applications or connected devices and then attempts to connect those to its malicious infrastructure, according to the report.
"Usually, Muhstik will be instructed to download an XMRig miner and a scanning module. The scanning module is used for growing the botnet through targeting other Linux servers and home routers," Chris Hall, a cloud security researcher at Lacework, notes in the report.
The researchers also found the Muhstik botnet leverages source code from the Mirai botnet. This includes a memory scraper, which can kill other malware within a device.
Singapore to remove One-Time Passwords from Bank Accounts
According to the Monetary Authority of Singapore, clients who utilise secur...
Is 375 million Airtel subscribers database breached?
When a hacker claims to have accessed and put up for sale a customer databa...
The government of India intends to construct a single portal f
A single portal will be launched by the Indian government to list all of it...
OpenAI offers GPT-4o, a faster model available to all users at
GPT-4o, a faster and more sophisticated AI model, is made available to all...
Icons Of India : ALOK OHRIE
Alok Ohrie leads Dell Technologies’ India business, overseeing Sales...
Icons Of India : Harsh Jain
Harsh Jain, the co-founder of Dream 11, the largest fantasy sports web...
Icons Of India : CP Gurnani
Former Managing Director and CEO of the well-known IT service company ...
NSE - National Stock Exchange
NSE is the leading stock exchange in India....
GeM - Government e Marketplace
GeM is to facilitate the procurement of goods and services by various ...
DRDO - Defence Research and Development Organisation
DRDO responsible for the development of technology for use by the mili...
Indian Tech Talent Excelling The Tech World - Sanjay Mehrotra, CEO- Micron Technology
Sanjay Mehrotra, the President and CEO of Micron Technology, is at the...
Indian Tech Talent Excelling The Tech World - Rajiv Ramaswami, President & CEO, Nutanix Technologies
Rajiv Ramaswami, President and CEO of Nutanix, brings over 30 years of...
Indian Tech Talent Excelling The Tech World - Shantanu Narayen, CEO- Adobe Systems Incorporated
Shantanu Narayen, CEO of Adobe Systems Incorporated, is renowned for h...