Proofpoint is tracking a DarkGate malware operator it’s calling “BattleRoyal” that began exploiting a Windows SmartScreen vulnerability before the flaw was disclosed by Microsoft: “On October 2, 2023, Proofpoint identified one of the first campaigns in this cluster. It was notable due to the use of more than one traffic delivery system (TDS), specifically 404 TDS and Keitaro TDS. URL files involved exploited CVE-2023-36025, a vulnerability in Windows SmartScreen. While other parts of the attack chain from this actor changed or varied, URL files were involved in every campaign.”

The evolution of Bandook.

Fortinet describes a new variant of the Bandook remote access Trojan that surfaced in October. The malware is being distributed via shortened URLs in PDF files. The researchers note, “A large number of commands for C2 communication can be found in this malware. However, the tasks performed by its payload are fewer than the number in the command. This is because multiple commands are used for a single action, some commands call functions in other modules, and some are only used to respond to the server.”

Researchers at Imperva say the 8220 gang, a cybercriminal group believed to be based in China, is attempting to exploit CVE-2020-14883 in Oracle WebLogic Server to install cryptojacking malware: “This vulnerability allows remote authenticated attackers to execute code using a gadget chain and is commonly chained with CVE-2020-14882 (an authentication bypass vulnerability also affecting Oracle Weblogic Server) or the use of leaked, stolen, or weak credentials. Exploitation of these vulnerabilities is well documented. Therefore, it is easy to modify for the purposes of malware deployment. The 8220 gang uses two different gadget chains: one enables the loading of an XML file, which then contains a call to the other and enables execution of commands on the OS.”

A continuing cyberespionage campaign against Russian targets.

A continuing cyberespionage campaign against Ukrainian targets.