Cybersecurity researchers at Aqua have uncovered a new malware campaign dubbed Hadooken. The malware is distributed through Oracle WebLogic servers and is engaged in cryptocurrency mining, as well as the delivery of malware for a DDoS botnet.
The attack chain exploits both known vulnerabilities and infrastructure configuration errors, such as weak passwords.
The malware is installed on the system either through a special script or a program written in Python with identical functionality.
"The script attempts to browse various directories containing SSH data (user credentials, host information) and uses this information to attack known servers. It then moves sideways through the organization or connected environments to further spread the Hadooken malware," Aqua researcher Assaf Moran told The Hacker News.
Hadooken contains two components: a cryptocurrency miner and a utility of the Tsunami DDoS botnet (aka Kaiten). The malware is distributed from a server located in Germany and owned by Aeza International.
Servers belonging to this company were used in the 8220 Gang campaign, which used other people's computing resources for mining.