Hacker aims at Apache Solr vulnerability to install a cryptocurrency miner

At the end of February, hackers attacked more than 1,400 Apache Solr servers to install a crypto-money miner software.

The attack on the Apache Solr server was similar to what happened in January. The hackers used an unpatched Oracle WebLogic instance to install mining equipment to obtain bitcoin replacement Monero.

According to Morphus Labs Chief Research Officer Renato Marinho’s say, Apache Solr attackers are using a remote code execution vulnerability, Apache Software Foundation has released a patch vulnerabilities patch in October. Solr is a widely used Apache program for building search functionality into websites. Marinho thinks Apache Sorl attackers and attack software installed in the Oracle WebLogic Server is a team, they stole almost $226,000 on Monero.

Image: Renato Marinho/Morphus Labs/SANS ISC

In the nine days from February 28 to March 8, the hacker deployed 1,416 vulnerable Apache Solr servers to deploy Monero XMRig miner software worldwide.

However, only 722 WebLogic servers were previously attacked, indicating that the Solr vulnerability has provided attackers with twice as many servers to mine cryptocurrencies. In contrast to personal computers, servers are generally attractive targets because they can run on powerful CPUs.

Not only that, Marinho also noted that IBM InfoSphere 11.5, JBoss Data Grid version 7.0.0, 7.1.0, JBoss Enterprise Application Platform (EAP) versions 6, 7, 7.0.8, and JBoss 6 Enterprise Portal Platform versions may also be easy It was attacked because hackers exploited the vulnerability in the shared library.

Source: ZDNet