A crypto-mining botnet spotted in the previous year is currently targeting and attempting to take control of Jenkins and ElasticSearch servers to mine Monero (XMR) cryptocurrency.
z0Miner is a malicious mining family that was spotted by the Tencent Security Team. When z0Miner was initially active, it used WebLogic's unauthorized command execution vulnerability to spread.
Recently, the Anglerfish honeypot system of 360 Network Security Research Institute has detected that z0Miner is using ElasticSearch and Jenkins remote command execution vulnerabilities to spread widely. The recent activity trends are as follows:
Vulnerability Exploitation
According to a report published by researchers at 360Netlab, z0Miner is now probing for servers unpatched against vulnerabilities addressed in 2015 and earlier.
z0Miner became active last year and was spotted by the Tencent Security Team while exploiting two WebLogic pre-auth RCE bugs tracked as CVE-2020-14882 and CVE-2020-14883 to spread…