Recently, the Juniper threat lab has identified a DarkIRC botnet that is actively attacking thousands of exposed Oracle WebLogic servers. All these attacks are intended to exploit the CVE-2020-14882 remote code execution vulnerability that Oracle fixed two months ago.
Recently, Cyber Security News reported that the hackers have started investigating all the server those are using the Critical Oracle WebLogic. the WebLogic Server flaw that is named CVE-2020-14882 that can easily be exploited by threat actors with network access through HTTP.
There are nearly 3000 Oracle WebLogic servers, and all these servers are reachable over the internet that are based on Shodan stats, and not only this, but it also enables unauthenticated attackers to administer remote code on all the targeted servers.
DarkIRC
The experts reported that DarkIRC is addressed on unpatched servers utilizing a PowerShell script that has been executed through an HTTP GET request in the frame of an ill-disposed binary,…