On 17 September 2024, Sekoia's Threat Detection & Research (TDR) team identified a notable infection chain targeting both Windows and Linux systems through our Oracle WebLogic honeypot. The attacker exploited the WebLogic vulnerabilities CVE-2017-10271 and CVE-2020-14883 to deploy Python and Bash scripts that executed the K4Spreader malware, which in turn delivered the Tsunami backdoor and a cryptominer. On Windows systems, the attacker attempted to execute a PowerShell script designed to install a cryptominer via a .NET-based loader.
The following post, Hadooken and K4Spreader: The 8220 Gang's Latest Arsenal, is an article from the Sekoia.io Blog.
This article has been indexed from Sekoia.io Blog