Morphus Labs, a Portugal-based company that carries out research on cyber security, reported early this week that hackers installed cryptocurrency mining malware on Oracle WebLogic servers and PeopleSoft servers last year and succeeded in earning $250,000 through the fraudulent activity.
Renato Marinho, Chief Research Officer at Morphus Labs, said that the hackers attacked the enterprise servers by exploiting a flaw in WebLogic servers, which Oracle later patched in October 2017.
But by then the damage was done, as hundreds of unpatched WebLogic and PeopleSoft servers acted as mining bots, serving the attackers by mining Monero, a digital currency that is an alternative to Bitcoin.
What's more surprising about this activity is that the flaw even allowed the cyber crooks to steal data from affected PeopleSoft computer systems, or to install notorious malware like ransomware.
The research carried out by Morphus Labs found that one of the operations using the WebLogic exploit allowed the hackers to mine more than 609 Monero, worth more than $200,000 in USD at current value. But all the action is said to have taken place before October last year, i.e. before a fix was issued.
Technically speaking, WebLogic is a Java EE application server developed by Oracle Corporation. Readers of Cybersecurity Insiders should note that tech giant Oracle acquired WebLogic when it purchased BEA Systems in 2008.
The hackers installed Monero mining software that kills the WebLogic service after compromise. And this is when the researchers from the said cybersecurity firm detected the vulnerability.
The researchers discovered the impact when one of the Oracle server admins reported the issue on Oracle's support forum, documenting the same Monero attack after it shut down the service of the Oracle Access Management servers.
It was then that the researchers were led to the fact that hundreds of WebLogic and PeopleSoft servers operating around the world were reeling under a cyber attack.
Note: Most of them were hosted on cloud service providers like Oracle Cloud, OVH, Google, Microsoft, DigitalOcean and Amazon Web Services.
More details are awaited!