Researchers are urging Oracle WebLogic users to update quickly – after new Muhstik botnet samples started targeting a critical flaw in the servers.
A variant of the Muhstik botnet has been uncovered in the wild, exploiting a recently-disclosed, dangerous vulnerability in Oracle WebLogic servers.
The newfound samples of Muhstik are targeting the
recently-patched CVE-2019-2725 in WebLogic servers, and then launching distributed-denial-of-service (DDoS) and cryptojacking attacks with the aim of making money for the attacker behind the botnet, researchers said.
“From the timeline, we can see that the developer of Muhstik watches aggressively for new Linux service vulnerability exploits and takes immediate action to [incorporate] exploits against them into the botnet,” Cong Zheng and Yanhui Jia, researchers with Palo Alto Network’s Unit 42 team, said in a
Tuesday analysis. “This makes sense, because the faster the botnet includes the new exploits, the greater chance of successfully using the vulnerability to harvest more bots before systems are patched.”
![[correlate]](/data/avatars/s/79/79653.jpg?1556985072){kind=avatar}
