Terrorist hackers target Atlassian & Oracle servers

Edward Kost
February 8, 2021

Volatile Cedar, a cybercriminal group affiliated with the Hezbollah Cyber Unit, has resurfaced after disappearing for almost 6 years.

The criminal group came back onto the radar after suspicious activity was discovered on Oracle and Atlassian servers.

Volatile Cedar breached unpatched Atlassian and Oracle servers by exploiting the following vulnerabilities: CVE-2012-3152, CVE-2019-11581, and CVE-2019-3396.

These attacks were reconnaissance campaigns to learn the strategies and behaviors of specific enemies. 

The net was wide, covering the United States, Egypt, Jordan, the United Kingdom, Saudi Arabia, Europe, the UAE, and even the Palestinian Authority. The targets were telecommunication companies and the intelligence breached included client call records amongst other private data.

Volatile Cedar’s operations were strategically ordered to widen the geographical range between them and evade detection. Other evasion tactics included shifting the attack surface from computers to public servers and using common web shell utilities rather than other detectable tools.

These clever concealment practices suggest that the group may have remained active during the last 6 years, leaving behind only heavily obfuscated trails.

But the group has finally left a calling card - a remote access tool exclusive to Volatile Cedar known as “Explosive RAT.”

“Explosive RAT” is an updated version of the trojan “Explosive”, also developed by the criminal group. This trojan is usually deployed via a compromised open-source JSP file browser. 

The Explosive RAT trojan has been specifically designed for sensitive data theft and corporate espionage. It has also been engineered to reflect Volatile’s characteristic evasion tactics. One such example is memory usage monitoring to avoid suspicious processing allocations.

Volatile Cedar’s crimes uncover a concerning progression in Hezbollah’s hacking capabilities - not only have their methods evolved, they’re now also developing their own tools.
