DarkIRC Botnet Exploiting Oracle WebLogic Vulnerability


Researchers: Malware Offered for Sale for $75

Underground hacking forum advertising the DarkIRC botnet malware (Source: Juniper Threat Labs)

A botnet called DarkIRC is exploiting a severe remote code execution vulnerability in Oracle WebLogic for which a patch was issued almost two months ago, Juniper Threat Labs reports. Meanwhile, the malware used to create the botnet is being offered for sale on a darknet hacking forum.

In addition to the DarkIRC botnet, researchers at Juniper Threat Labs are tracking four other malware variants that are trying to take advantage of the WebLogic vulnerability, including a version of the Mirai botnet and a weaponized version of the Cobalt Strike penetration testing tool.

The WebLogic flaw, tracked as CVE-2020-14882, is a remote code execution vulnerability that can be exploited over a network without the need for a username and password. A threat actor would only have to send a malicious HTTP request to the WebLogic Server’s management console to initiate the attack, according to a previous update by Oracle.

Oracle and the U.S. Cybersecurity and Infrastructure Security Agency have issued alerts about the importance of applying the patch, which has been available since October (see: CISA and Oracle Warn Over WebLogic Server…