A botnet known as DarkIRC is actively targeting exposed Oracle WebLogic servers in attacks designed to exploit CVE-2020-14882, a remote code execution (RCE) vulnerability fixed by Oracle two months ago. Based on Shodan stats, almost 3,000 Oracle WebLogic servers are reachable over the Internet and allow unauthenticated attackers to execute remote code on targeted servers. Juniper Threat Labs didn’t say that this threat actor is behind the ongoing DarkIRC attacks, even though the filename of one of the recently detected payloads is similar to that of a FUD (Fully Undetected) Crypter file also advertised by Freak_OG earlier this month.
Source: https://www.bleepingcomputer.com/news/security/critical-oracle-weblogic-flaw-actively-exploited-by-darkirc-malware/

