Nastyware seeks creds, mines crypto, and plants ransomware that isn't deployed - for now?
An unknown attacker is exploiting weak passwords to break into Oracle WebLogic servers and deploy an emerging Linux malware called Hadooken, according to researchers from cloud security outfit Aqua.
Aqua caught the malware in a honeypot WebLogic server. The attack exploited a weak password to gain entry, then remotely executed malicious code. The first payload runs a shell script called "c" and a Python script called "y" – both of which attempted to download Hadooken. Aqua's threat hunters observed that they have not seen evidence of Tsunami running, but they speculated it could be used later.
"TeamTNT and Gang 8220 used this IP in the past but that doesn't say anything about potential attribution," Morag explained.