Hackers Targeting WebLogic Servers and Docker APIs for Mining Cryptocurrencies

16-Sep-22

A financially motivated organisation was found to be using the vulnerability to disable operating system (OS) security measures, including Security-Enhanced Linux (SELinux) and others, by dropping Python scripts, according to cybersecurity firm Trend Micro.

The Kinsing actors have also been active in campaigns that target container environments through improperly configured open Docker Daemon API ports, in order to start a crypto miner and distribute the malware to additional containers and hosts.