Remove Cloud Remove Honeypots Remove Mining
article thumbnail

Ngrok Mining Botnet

Security Affairs

Additionally, the campaign is sophisticated in seeking to detect, analyse and neutralise other competing crypto-mining malware. In my previous post I discussed the initial prototyping of a Docker Honeypot / Sandbox called Whaler. Firstly nearly all attacks observed were Crypto-mining attackers. Introduction.

Mining 279
article thumbnail

Experts spotted first-ever crypto mining campaign leveraging Kubernetes RBAC

Security Affairs

Experts warn of a large-scale cryptocurrency mining campaign exploiting Kubernetes (K8s) Role-Based Access Control ( RBAC ). Cloud security firm Aqua discovered a large-scale cryptocurrency mining campaign exploiting Kubernetes (K8s) Role-Based Access Control ( RBAC ) to create backdoors and run miners.

Mining 246
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Pro-Ukraine attackers compromise Docker images to launch DDoS attacks on Russian sites

Security Affairs

The attacks were monitored by cybersecurity firm CrowdStrike, who discovered that the Docker Engine honeypots deployed between February 27 and March 1 were compromised and used in the DDoS attacks. “Container and cloud-based resources are being abused to deploy disruptive tools. .

Honeypots 321
article thumbnail

Abcbot and Xanthe botnets have the same origin, experts discovered

Security Affairs

Experts linked the C2 infrastructure behind an the Abcbot botnet to a cryptocurrency-mining botnet attack that was uncovered in December 2020. Experts linked the infrastructure used by the Abcbot DDoS botnet to the operations of a cryptocurrency-mining botnet that was uncovered in December 2020.

Mining 279
article thumbnail

New Redis miner Migo uses novel system weakening techniques

Security Affairs

A new malware campaign targets Redis servers to deploy the mining crypto miner Migo on compromised Linux hosts. One of the honeypots used by Cado was targeted by an attack originating from the IP 103[.]79[.]118[.]221 Caro Security researchers have observed a new malware campaign targeting Redis servers with a crypto miner dubbed Migo.

Mining 334
article thumbnail

TeamTNT is back and targets servers to run Bitcoin encryption solvers

Security Affairs

In the first week of September, AquaSec researchers identified at least three different attacks targeting their honeypots, the experts associated them with the cybercrime gang TeamTNT. The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and targets Docker installs. Pierluigi Paganini.

article thumbnail

Threat Group TeamTNT Returns with New Cloud Attacks

eSecurity Planet

A retired threat actor has returned with new attacks aimed at the cloud, containers – and encryption keys. These cybercriminals are known for their creativity and ability to target cloud environments, as they introduced new techniques in 2020 that hadn’t been seen before. How to Protect Against Cloud, Container Threats.

Cloud 138