Threat Intelligence

Old Oracle WebLogic flaw becomes new attack target

Healthcare, telecommunications, and financial services firms across the U.S., Mexico, Colombia, Spain, and South Africa are having their Oracle WebLogic servers targeted by the threat operation 8220 Gang, which is exploiting the remote code execution flaw tracked as CVE-2020-14883 to facilitate malware distribution, The Hacker News reports. This vulnerability, which is usually chained with another WebLogic server bug, tracked as CVE-2020-14882, has been leveraged by 8220 Gang for XML file creation and code execution leading to the deployment of the Agent Tesla, nasqa, and rhajk payloads, a report from Imperva revealed. Another years-old WebLogic vulnerability, tracked as CVE-2017-3506, was previously reported to have been used by the group to enable cryptojacking malware delivery. "The group relies on simple, publicly available exploits to target well-known vulnerabilities and exploit easy targets to achieve their objectives. While considered unsophisticated, they are constantly evolving their tactics and techniques to evade detection," said Imperva security researcher Daniel Johnston.
