New HolesWarm Botnet Exploiting 20 Known Vulnerabilities To Attack Windows & Linux Servers

Security researchers at Tencent Cloud Firewall have detected a new, rapidly changing botnet they have dubbed HolesWarm.

According to their report, the botnet exploits more than 20 known vulnerabilities to compromise Windows and Linux servers, after which its operators install cryptocurrency-mining malware on the hacked machines.

Because of the sheer number of exploits it carries and how often they change, the Tencent analysts describe HolesWarm as the "King of Vulnerability Exploitation."

To avoid becoming a victim, Tencent strongly recommends that both government and private organizations patch the known vulnerabilities listed below without delay.

Beyond crypto mining, the botnet also hands its operators sensitive information from infected hosts, including server credentials and administrative access.

HolesWarm exploits known security flaws

According to the report, the botnet is controlled primarily from a command-and-control server at m[.]windowsupdatesupport[.]org.

The researchers have tracked the botnet exploiting known security flaws in the following software:

  • Docker
  • Jenkins
  • Apache Tomcat
  • Apache Struts (multiple bugs)
  • Apache Shiro
  • Apache Hadoop Yarn
  • Oracle WebLogic (CVE-2020-14882)
  • Spring Boot
  • Zhiyuan OA (multiple bugs)
  • Panwei OA
  • Yonyou GRP-U8

So far the attacks have been observed mainly in China, but the researchers warn that the operators are likely to extend them to vulnerable systems worldwide.

The attackers also renew their methods frequently: the researchers observed the botnet's module configuration data changing rapidly.

Thanks to these continual updates, HolesWarm has compromised more than 1,000 cloud hosts since June.

Once a host is infected, HolesWarm resets local passwords, spreads across the local network, and finally installs the XMRig crypto miner. The initial attack vector, however, varies considerably from victim to victim, depending on which vulnerable software is exposed.

HolesWarm is only the latest in a long line of crypto-mining botnets making headlines.

Like most recent mining malware, it targets servers running out-of-date software, because such systems are the easiest to break into.

Operators of other botnets usually try to hide their presence on infected systems, but the HolesWarm operators do not appear to bother.

Instead, the miner simply overloads the server's processors, which tends to reveal the infection to anyone watching CPU usage.
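The behaviour described above (a known C2 domain, a password reset on the host, and an XMRig miner that pins the CPU) translates directly into a few host and log checks. The following triage helper is an added example, not code from the article or from Tencent's report. The C2 domain is the one the article names; the DNS, `ps` and auth log formats are constructed here for illustration, and the command-line patterns used to recognise a miner (`xmrig`, `stratum+tcp://`, `--donate-level`) are assumptions about typical XMRig invocations, not indicators the article publishes.

```python
"""Triage helper for HolesWarm-style indicators (added example, not from the article)."""
import re
from dataclasses import dataclass

# Indicator published in the article: the botnet's C2 host.
C2_DOMAINS = {"m.windowsupdatesupport.org"}

# Assumed patterns for an XMRig command line; the article only names the miner.
MINER_PATTERNS = [
    re.compile(p, re.IGNORECASE)
    for p in (r"\bxmrig\b", r"stratum\+tcp://", r"--donate-level")
]

# Threshold for the "overloaded processor" symptom; tune for your fleet.
CPU_ALERT_PERCENT = 90.0

# pam_unix logs this message when a password is changed.
PASSWORD_CHANGED = re.compile(r"password changed for (\S+)")


@dataclass
class Finding:
    host: str
    kind: str
    detail: str


def scan_dns_log(lines):
    """Flag clients that resolved the C2 domain.
    Constructed line format: '<timestamp> <client_ip> query <domain>'."""
    findings = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4 or parts[2] != "query":
            continue
        client, domain = parts[1], parts[3].rstrip(".").lower()
        if domain in C2_DOMAINS:
            findings.append(Finding(client, "c2-dns", domain))
    return findings


def scan_process_list(host, lines):
    """Flag miner-like processes, and otherwise any process pinning the CPU.
    Constructed line format, as from `ps -eo pid,pcpu,args`: '<pid> <cpu%> <cmd>'."""
    findings = []
    for line in lines:
        parts = line.split(maxsplit=2)
        if len(parts) < 3:
            continue
        pid, cpu_text, cmd = parts
        try:
            cpu = float(cpu_text)
        except ValueError:  # header line or malformed entry
            continue
        if any(p.search(cmd) for p in MINER_PATTERNS):
            findings.append(Finding(host, "miner-process", f"pid {pid}: {cmd}"))
        elif cpu >= CPU_ALERT_PERCENT:
            # High CPU alone is a weak signal; it is reported for a human to check.
            findings.append(Finding(host, "high-cpu", f"pid {pid} at {cpu:.0f}%: {cmd}"))
    return findings


def scan_auth_log(host, lines):
    """Flag local password changes, the first thing the article says HolesWarm does."""
    findings = []
    for line in lines:
        m = PASSWORD_CHANGED.search(line)
        if m:
            findings.append(Finding(host, "password-reset", f"account {m.group(1)}"))
    return findings


def triage(dns_lines, hosts):
    """Run all checks. `hosts` maps host -> {'ps': [...], 'auth': [...]}."""
    findings = scan_dns_log(dns_lines)
    for host, data in hosts.items():
        findings += scan_process_list(host, data.get("ps", []))
        findings += scan_auth_log(host, data.get("auth", []))
    return findings


# Constructed sample data for a stand-alone run.
SAMPLE_DNS = [
    "2021-08-20T10:00:01Z 10.0.0.5 query m.windowsupdatesupport.org.",
    "2021-08-20T10:00:02Z 10.0.0.7 query update.microsoft.com.",
]
SAMPLE_HOSTS = {
    "10.0.0.5": {
        "ps": [
            "  PID %CPU COMMAND",
            "  812  0.3 /usr/sbin/sshd -D",
            " 4471 98.7 /tmp/.x/xmrig -o stratum+tcp://pool.example:3333 --donate-level 1",
            " 4502 95.0 /usr/bin/python3 /opt/app/worker.py",
        ],
        "auth": [
            "Aug 20 10:00:05 web01 passwd[4490]: pam_unix(passwd:chauthtok): password changed for root",
            "Aug 20 09:12:00 web01 sshd[800]: Accepted publickey for deploy from 10.0.0.9 port 51022 ssh2",
        ],
    },
}

if __name__ == "__main__":
    for f in triage(SAMPLE_DNS, SAMPLE_HOSTS):
        print(f"{f.host:<10} {f.kind:<15} {f.detail}")
```

On the sample data the helper reports the C2 lookup from 10.0.0.5, the miner process, the root password change, and one unrelated high-CPU process, illustrating why the CPU symptom alone should only prompt a closer look rather than an automatic verdict.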

Balaji N

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
