Aqua Security Nautilus
Aqua Security Nautilus researchers uncovered the Hadooken malware, which primarily targets Oracle WebLogic servers. Hadooken has been implicated in multiple ransomware attacks and deploys cryptominers after compromising systems. The attackers gained initial access through weak passwords, achieving remote code execution, and utilized scripts for lateral movement within affected networks. Despite no active use of its Tsunami malware component observed, the presence of both the cryptominer and Tsunami indicates a significant threat. The attack has broader implications given that a substantial number of WebLogic servers are connected to the internet, and although many are protected, some exposed administration consoles are at risk.
Source: https://securityaffairs.com/168364/malware/hadooken-targets-oracle-weblogic-servers.html
"id": "aqu000092024",
"linkid": "aquasecteam",
"type": "Ransomware",
"date": "9/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"