Experts warn of ongoing attacks targeting QNAP network-attached storage (NAS) devices to abuse them in cryptocurrency mining. via the unauthorized remote command execution vulnerability (CVE-2020-2506 & CVE-2020-2507). The flaws affect QNAP NAS firmware versions prior to August 2020. and Quick.tar.gz. unity_install.sh
The popular code repository hosting service GitHub is investigating a crypto-mining campaign abusing its infrastructure. Code repository hosting service GitHub launched an investigation into a series of attacks aimed at abusing its infrastructure to illicitly mine cryptocurrency.
Prometei is a crypto-mining botnet that recently appeared in the threat landscape; it exploits the Microsoft Windows SMB protocol for lateral movement. Security experts from Cisco Talos discovered a new crypto-mining botnet, tracked as Prometei, that exploits the Microsoft Windows SMB protocol for lateral movement.
The Uptycs Threat Research Team recently observed a Golang-based worm dropping cryptominer binaries which use the MSR (Model Specific Register) driver to disable hardware prefetchers and increase the speed of the mining process by 15%. This is done to boost the miner execution performance, thereby increasing the speed of the mining process.
At least one ransomware operator appears to have exploited the recently patched CVE-2020-14882 vulnerability affecting Oracle WebLogic. At least one ransomware operator appears to be exploiting the recently patched CVE-2020-14882 vulnerability in Oracle WebLogic. 30th) attempting to install crypto-mining tools.”
The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. The malware deploys the XMRig mining tool to mine Monero cryptocurrency. Upon infecting Docker and Kubernetes systems running on top of AWS servers, the bot scans for ~/.aws/credentials
Norton 360, one of the most popular antivirus products on the market today, has installed a cryptocurrency mining program on its customers’ computers. According to the FAQ posted on its site, “Norton Crypto” will mine Ethereum (ETH) cryptocurrency while the customer’s computer is idle. ” reads a Dec.
APT43 Launders Crypto Through Mining, Says Mandiant. North Korean hackers are stealing cryptocurrency to fund operations under an apparent mandate from Pyongyang to be self-sufficient, threat intel firm Mandiant says.
Experts linked the C2 infrastructure behind the Abcbot botnet to a cryptocurrency-mining botnet attack that was uncovered in December 2020. Experts linked the infrastructure used by the Abcbot DDoS botnet to the operations of a cryptocurrency-mining botnet that was uncovered in December 2020.
DirtyMoe is a rapidly growing Windows botnet; it passed from 10,000 infected systems in 2020 to more than 100,000 in the first half of 2021. The Windows botnet has been active since late 2017; it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018.
The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. Experts pointed out that even if the group is expanding its arsenal adding new capabilities, it still focuses on cryptocurrency mining. ” reads the analysis published by AT&T.
Security experts from Akamai have spotted a new botnet used for illicit cryptocurrency mining activities that are abusing Bitcoin (BTC) transactions to implement a backup mechanism for C2. The operators of a long-running crypto-mining botnet campaign began creatively disguising their backup C2 IP address on the Bitcoin blockchain.”
The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. The malware deploys the XMRig mining tool to mine Monero cryptocurrency. Executes the script to start mining for the Monero cryptocurrency. aws/credentials and ~/.aws/config
The two flaws, tracked as CVE-2020-11651 and CVE-2020-11652, are a directory traversal issue and an authentication bypass vulnerability respectively. The attackers compromised the blogging platform to deploy a cryptocurrency miner, the intrusion took place on May 3, 2020. ” reads the statement published by Ghost Team.
Threat actors were exploiting two unauthorized remote command execution vulnerabilities, tracked as CVE-2020-2506 & CVE-2020-2507, in the Helpdesk app that have been fixed by the vendor in October 2020. The malware was designed to abuse NAS resources and mine cryptocurrency.
— Microsoft Security Intelligence (@MsftSecIntel) April 28, 2020. The campaign primarily targets users in Spain and South American countries, aims to launch a coin-mining shellcode directly in memory. The in-memory DLL then injects a coin-mining code into notepad.exe through process hollowing.
MaliBot disguises itself as a cryptocurrency mining app named “Mining X” or “The CryptoApp”, experts also observed the malicious code masqueraded as “MySocialSecurity” and “Chrome” apps. The experts discovered that the C2 is in Russia and that the malware used the same servers that were associated with the Sality malware operation.
In June 2021, researchers from Avast warned of the rapid growth of the DirtyMoe botnet (PurpleFox, Perkiler, and NuggetPhantom), which passed from 10,000 infected systems in 2020 to more than 100,000 in the first half of 2021. Experts defined DirtyMoe as a complex malware that has been designed as a modular system.
Researchers have discovered a strain of cryptocurrency-mining malware, tracked as Crackonosh, that abuses Windows Safe mode to avoid detection. The final stage of the Crackonosh attack chain is the installation of the coinminer XMRig to mine the Monero (XMR) cryptocurrency.
billion in 2020. In an 8-K form filed with the Securities and Exchange Commission (SEC), the company has disclosed the ransomware attack that took place on October 22nd, 2020. “On October 22, 2020, Steelcase Inc. Steelcase has 13,000 employees and $3.7
It ranks fourth among all database management systems (DBMS) as of November 2020. “We believe PGMiner is the first cryptocurrency mining botnet that is delivered via PostgreSQL.” However, the PostgreSQL community challenged this assignment, and the CVE has been labeled as “disputed.”
The authors of the Lemon_Duck cryptomining malware have also added a module that exploits the SMBGhost (CVE-2020-0796) Windows SMBv3 Client/Server RCE. Experts noticed that the threat actors exploited the CVE-2020-0796 flaw to collect information on compromised machines instead of running arbitrary code on the vulnerable systems.
The threat actors are actively exploiting the following vulnerabilities in Fortinet FortiOS: CVE-2018-13379; CVE-2020-12812; CVE-2019-5591. In April, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) previously warned of attacks carried out by APT groups targeting Fortinet FortiOS servers using multiple exploits.
The botnet appeared on the threat landscape in November 2020, the attacks aimed at compromising the target systems to create an IRC botnet, which can later be used to conduct several malicious activities, including DDoS attacks and crypto-mining campaigns. from visual-tools.com. CVE-2021-2900 – Genexis PLATINUM 4410 2.1 P4410-V2-1.28
The botnet appeared in the threat landscape in November 2020, in some cases the attacks leveraged recently disclosed vulnerabilities to inject OS commands. CVE-2020-7961 – Java unmarshalling flaw via JSONWS in Liferay Portal (in versions prior to 7.2.1 CE GA2) (disclosed on March 20, 2020).
“In October 2020, Palo Alto Networks Unit42 identified new variants of the cryptomining malware used by TeamTNT named “Black-T.” The decrypted payload is an ELF file packed with UPX, which is a known sample from TeamTNT, first seen in June 2020 (e15550481e89dbd154b875ce50cc5af4b49f9ff7b837d9ac5b5594e5d63966a3).”
New blog: The threat actor BISMUTH, which has been running increasingly complex targeted attacks, deployed coin miners in campaigns from July to August 2020. Learn how the group tried to stay under the radar using threats perceived to be less alarming: [link] — Microsoft Security Intelligence (@MsftSecIntel) November 30, 2020.
There, denizens with computer rigs that are built primarily for mining virtual currencies can set to work using those systems to crack passwords. But a decent crypto-mining rig can quickly crack a majority of password hashes generated with MD5 (one of the weaker and more commonly-used password hashing algorithms).
When police infiltrated the EncroChat phone system in 2020, they hit an intelligence gold mine. But subsequent legal challenges have spread across Europe.
The Lemon_Duck cryptomining botnet is targeting Docker servers to mine cryptocurrency on Linux systems. CrowdStrike researchers reported that the Lemon_Duck cryptomining botnet is targeting Docker to mine cryptocurrency on Linux systems. “The “a.asp” file is the actual payload in this attack.” concludes the report.
QNAP is warning customers of a new piece of malware dubbed Dovecat that is targeting NAS devices to mine cryptocurrency. The malware was designed to abuse NAS resources and mine cryptocurrency. The malware targets QNAP NAS devices exposed online that use weak passwords. “QNAP Systems, Inc. .”
What does content management look like in 2020, years after ECM died? My recommendation comes from a personal mantra of mine – 1% better every day. What’s this content services thing? It turns out, the story is just a little more complicated than one technology being replaced by another.
ESET researchers also said the attackers attempt to exploit RDP connections to try to install coin-mining malware or create a backdoor. Between December 2019 and February 2020, the experts observed a number of attacks between 70,000 and 40,000 on a daily basis. China, Russia, Germany, and France.
In early 2020, a joint operation conducted by the FBI in coordination with the UK NCA, the Netherlands National Police Corps, the German Bundeskriminalamt, and the Police Service of Northern Ireland resulted in the seizure of the WeLeakInfo.com domain. .” ” reads the announcement published by the UK NCA.
The malware was first spotted in February 2018 by researchers from Proofpoint when the bot was using the EternalBlue exploit to infect Windows computers and recruit them in Monero cryptocurrency mining activities.
CVE-2020-14882 Oracle WebLogic Server RCE, and CVE-2018-20062 ThinkPHP RCE) and targeting sites and systems protected with weak administrative credentials. Upon infecting a system, the malware abuses its resources to mine cryptocurrency. The malware spread through attacks exploiting known vulnerabilities (i.e.
The botnet was also discovered by @BadPackets 5 days ago and it is still active as of now, December 1, 2020. An earlier version of the botnet, carrying only XMR Miner payload was investigated and reported by Patrick Olsen from AWAKE Security in September 2020. Stage 1 – WebLogic exploit CVE-2020-14882. Botnet Summary.
The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. Early this year, researchers from Trend Micro discovered that the TeamTNT botnet was improved with the ability to steal Docker credentials.
Researchers spotted a new sophisticated peer-to-peer (P2P) botnet, dubbed FritzFrog, that has been actively targeting SSH servers since January 2020. FritzFrog is a new sophisticated botnet that has been actively targeting SSH servers worldwide since January 2020.
The Prometei botnet appears to have been active at least since March 2020, but it was first observed by Cisco Talos experts in July 2020. The crypto-mining botnet has a modular structure and employs multiple techniques to infect systems and evade detection. ” reads the analysis published by Cybereason. ” concludes the report.
“RedFoxtrot has primarily targeted aerospace and defense, government, telecommunications, mining, and research organizations in Afghanistan, India, Kazakhstan, Kyrgyzstan, Pakistan, Tajikistan, and Uzbekistan. located in Wuhan.” ” concludes the report.