
Zealot campaign: How is the Apache Struts vulnerability used?

The Zealot campaign discovered by F5 Networks uses the same Apache Struts vulnerability exploited in the Equifax breach. Learn how else it performs cryptomining with Nick Lewis.

F5 Networks found a new campaign named Zealot that is designed to mine Monero cryptocurrency on enterprise networks and that uses the same Apache Struts vulnerability exploited in the Equifax breach. What other exploits does the Zealot campaign use, and how does it leverage internal networks for cryptomining?

Cybercriminals use whatever methods they can find to compromise systems to make a profit, including cryptomining, ransomware, spamming and distributed denial-of-service attacks, and they often use newly publicized exploits or vulnerabilities to stay one step ahead of the security industry.

For example, when one vulnerability is patched, cybercriminals are often able to incorporate a new vulnerability or add steps to their toolkit to work around the patch. The recent rise in cryptomining indicates that it is a profitable way to use compromised systems, as with F5 Networks' newly discovered cryptomining attack campaign dubbed Zealot.

The Zealot campaign uses a multistep attack comprising different tools to mine Monero coins on compromised systems, including exploits of vulnerabilities in Apache Struts and the DotNetNuke content management system that enable the attackers to gain initial access to a vulnerable system. Zealot then uses the EmpireProject post-exploitation framework, which can be used to take over Linux and Windows systems to run cryptomining malware.

Zealot can also spread through an internal network looking for vulnerable systems by using a Python script that scans the local network and uses the EternalBlue and EternalSynergy exploits to attack the remote system for cryptomining.
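
A defender's view of the internal spread described above, as an added example that is not from the original article or from F5's research: it flags internal hosts that contact many distinct internal peers on TCP/445 (the SMB port that EternalBlue targets) within a short window. The flow-record format, the 10.0.0.0/8 range, the window and threshold values, and the sample records are assumptions constructed for illustration; records are assumed to arrive in time order.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")  # assumption: internal address range
SMB_PORT = 445                       # SMB over TCP, the service EternalBlue targets
WINDOW = timedelta(seconds=60)       # assumption: sliding window length
THRESHOLD = 5                        # assumption: distinct peers that trigger an alert

# Constructed sample flow records: "timestamp src dst dport"
SAMPLE_FLOWS = """\
2018-01-10T09:00:01 10.0.5.20 10.0.9.1 445
2018-01-10T09:00:02 10.0.5.20 10.0.9.2 445
2018-01-10T09:00:03 10.0.5.20 10.0.9.3 445
2018-01-10T09:00:03 10.0.5.31 10.0.1.5 445
2018-01-10T09:00:04 10.0.5.20 10.0.9.4 445
2018-01-10T09:00:05 10.0.5.20 10.0.9.5 445
2018-01-10T09:00:06 10.0.5.20 10.0.9.6 445
2018-01-10T09:00:40 10.0.5.40 10.0.1.5 445
2018-01-10T09:02:00 10.0.5.40 10.0.1.6 445
2018-01-10T09:05:10 10.0.5.20 203.0.113.9 443
"""

def smb_fanout(lines, window=WINDOW, threshold=THRESHOLD):
    """Map each alerting source to its peak count of distinct internal SMB peers per window."""
    recent = defaultdict(deque)  # src -> (timestamp, dst) pairs still inside the window
    peak = {}
    for line in lines:
        try:
            ts_s, src, dst, dport = line.split()
            ts = datetime.fromisoformat(ts_s)
            internal = ip_address(src) in INTERNAL and ip_address(dst) in INTERNAL
        except ValueError:
            continue  # skip malformed records instead of aborting the run
        if dport != str(SMB_PORT) or not internal:
            continue
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:  # expire flows older than the window
            q.popleft()
        distinct = len({d for _, d in q})
        if distinct >= threshold:
            peak[src] = max(peak.get(src, 0), distinct)
    return peak

if __name__ == "__main__":
    for src, n in smb_fanout(SAMPLE_FLOWS.splitlines()).items():
        print(f"ALERT {src} contacted {n} internal hosts on TCP/445 within {WINDOW}")
```

Workstations rarely need to reach many peers over SMB, so file servers and management hosts that legitimately do are best handled with an allowlist rather than a higher threshold.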


This was last published in July 2018
