Ransomware cyber

Aqua Security Nautilus

Sep 20, 2024 1 min read
Aqua Security Nautilus

Aqua Security Nautilus researchers uncovered the Hadooken malware, which primarily targets Oracle WebLogic servers. Hadooken has been implicated in multiple ransomware attacks and deploys cryptominers after compromising systems. The attackers gained initial access through weak passwords, achieving remote code execution, and utilized scripts for lateral movement within affected networks. Despite no active use of its Tsunami malware component observed, the presence of both the cryptominer and Tsunami indicates a significant threat. The attack has broader implications given that a substantial number of WebLogic servers are connected to the internet, and although many are protected, some exposed administration consoles are at risk.

Source: https://securityaffairs.com/168364/malware/hadooken-targets-oracle-weblogic-servers.html

TPRM report: https://scoringcyber.rankiteo.com/company/aquasecteam

"id": "aqu000092024",
"linkid": "aquasecteam",
"type": "Ransomware",
"date": "9/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Various',
                        'location': 'Global',
                        'name': 'Oracle WebLogic Server Users',
                        'type': 'Organization'}],
 'attack_vector': 'Weak Passwords, Remote Code Execution',
 'description': 'Aqua Security Nautilus researchers uncovered the Hadooken '
                'malware, which primarily targets Oracle WebLogic servers. '
                'Hadooken has been implicated in multiple ransomware attacks '
                'and deploys cryptominers after compromising systems. The '
                'attackers gained initial access through weak passwords, '
                'achieving remote code execution, and utilized scripts for '
                'lateral movement within affected networks. Despite no active '
                'use of its Tsunami malware component observed, the presence '
                'of both the cryptominer and Tsunami indicates a significant '
                'threat. The attack has broader implications given that a '
                'substantial number of WebLogic servers are connected to the '
                'internet, and although many are protected, some exposed '
                'administration consoles are at risk.',
 'impact': {'systems_affected': 'Oracle WebLogic servers'},
 'initial_access_broker': {'entry_point': 'Weak passwords'},
 'motivation': ['Ransomware', 'Cryptomining'],
 'post_incident_analysis': {'root_causes': 'Weak passwords'},
 'references': [{'source': 'Aqua Security Nautilus researchers'}],
 'title': 'Hadooken Malware Attack on Oracle WebLogic Servers',
 'type': 'Malware',
 'vulnerability_exploited': 'Weak passwords'}
Published by
Jeremy C
Jeremy C
You might also like
Ransomware cyber

Intel

public 1 min read
The Iranian ransomware-as-a-service operation, Pay2Key.I2P, reemerged after a five-year hiatus, targeting organizations in the US and Israel. The group,…
Jeremy C Jeremy C
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.