Oracle WebLogic Server is a Java EE application server currently developed by Oracle Corporation. The experts at the SANS Technology Institute and Morphus Labs reported that a group of hackers was attacking Oracle weblogic Servers from December 2017, using the exploit code for the CVE-2017-10271 vulnerability in Oracle WebLogic servers, patched by Oracle in October 2017 and leaked to the web.
The hackers reportedly chose that vulnerability as it was not difficult to use it through Internet to put the malicious code on the Weblogic server, and the exploit included IP scanner that searched for vulnerable hosts, which eventually let hackers make $226.000 worth 611 Monero coins installing a cryptocurrency miner.
The attackers had access to all the information in PeopleSoft that is touching WebLogic servers, but rather than sell this information on the black market, which takes more work than writing a simple script to exploit the system and drop crypto mining software on it, they probably thought they could get more money by crypto mining.
Dean of research, SANS Technology Institute
Despite the fact that hackers were able to steal significant corporate data or install ransomware, they only installed a cryptocurrency miner to mine Monero hoping that high CPU use of the server stayes unnoticed.
At the moment of press, these are main market parameters of Monero:
- Average price: $370,66
- Marketcap: $5 779 654 391
- 24h volume: $150 136 000