8220 Gang Behind ScrubCrypt Attack Targeting Oracle Weblogic Server

The threat actor known as the “8220 Gang” has been linked to a new payload targeting Oracle WebLogic Server, which the attackers exploit through a specific URI (Uniform Resource Identifier).

The payload analyzed by Fortinet security researchers extracts ScrubCrypt, a crypter designed to obfuscate and encrypt applications so that they evade detection by security products.

“We analyzed the malware injected into the victim’s system and, as part of our analysis, used the collected metrics to identify the attacker as the 8220 Gang,” wrote Cara Lin, senior antivirus analyst at Fortinet, in Wednesday’s advisory. “This mining group first appeared in 2017. The name ‘8220’ comes from its original use of port 8220 for network communication.”

According to Lin, ScrubCrypt has been updated at least once; its authors have added the ability to bypass Windows Defender, together with anti-debugging and other bypass capabilities.

“We collected several ScrubCrypt samples in February, each with a slightly different payload,” the malware analyst wrote, adding that the attacks Fortinet observed occurred between January and February 2023.

Additionally, the researchers linked both the cryptocurrency wallet addresses used in these attacks and the server IP addresses used by the Monero miner to past 8220 Gang activity, which allowed attribution to the threat group even though the port used in these attacks is no longer 8220.

“The 8220 Gang is a well-known mining group that typically uses public file-sharing websites to target system vulnerabilities and infiltrate the victim’s environment,” added Lin.

“In a very short period of time, it has evolved to use newer crypter variants [that] contain evasion and encryption features that make it difficult for antivirus programs to detect 8220 Gang activity. Users should be aware of this updated crypter and have their systems patched.”

The threat actor’s activity was also observed by Microsoft last year; in July 2022, Microsoft issued an alert about the 8220 Gang.

Editorial image credit: max.ku / Shutterstock.com