Groups and Mining - Information Management Today

Pacha Group declares war to rival crypto mining hacking groups

Security Affairs

MAY 12, 2019

Two hacking groups associated with large-scale crypto mining campaigns, Pacha Group and Rocke Group , wage war to compromise as much as possible cloud-based infrastructure. org is in this blacklist and it is known that Rocke Group has used this domain for their crypto-mining operations. .

Mining

Mining Cloud Security IT

Israel surveillance firm NSO group can mine data from major social media

Security Affairs

JULY 19, 2019

The Israeli surveillance firm NSO Group informed its clients that it is able to scoop user data by mining from major social media. The Financial Times reported that the Israeli surveillance firm NSO Group informed its clients that it is able to mine user data from major social media. Pierluigi Paganini.

Mining

Mining Cloud Archiving Sales

OAuth apps used in cryptocurrency mining, phishing campaigns, and BEC attacks

Security Affairs

DECEMBER 13, 2023

Microsoft warns that threat actors are using OAuth applications cryptocurrency mining campaigns and phishing attacks. Threat actors are using OAuth applications such as an automation tool in cryptocurrency mining campaigns and other financially motivated attacks. ” states Microsoft. ” continues the report.

Mining

Mining Phishing Passwords Access

Webinars

Maximizing Profit and Productivity: The New Era of AI-Powered Accounting

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

Cloud-Based Cryptocurrency mining attacks abuse GitHub Actions and Azure VM

Security Affairs

JULY 12, 2022

Researchers investigated cloud-based cryptocurrency mining attacks targeting GitHub Actions and Azure VMs. Researchers from Trend Micro published a report that details cloud-based cryptocurrency mining attacks targeting GitHub Actions and Azure VMs and the threat actors behind them. ” states the report published by Trend Micro.

Mining

Mining Cloud IoT IT

Group-IB: The Shadow Market Is Flooded with Cheap Mining Software

Security Affairs

AUGUST 11, 2018

Group-IB is recording new outbreaks of illegal mining (cryptojacking) threats in the networks of commercial and state organizations. According to Group-IB’s Threat Intelligence , over a year, the number of shadow-forum ads offering mining software has increased fivefold (H1 2018 vs H1 2017).

Mining

Mining Marketing IoT Compliance

CrowdStrike discovered the first-ever Dero cryptocurrency mining campaign

Security Affairs

MARCH 15, 2023

CrowdStrike researchers discovered the first-ever cryptocurrency mining campaign aimed at Dero mining since February 2023. The mining efforts by the pods are contributed back to a community pool, which distributes the reward (i.e., Dero coin) equally among its contributors through their digital wallet.”

Mining

Mining Privacy IT Access

TeamTNT group uses Hildegard Malware to target Kubernetes Systems

Security Affairs

FEBRUARY 5, 2021

The TeamTNT hacker group has been employing a new piece of malware, dubbed Hildegard, to target Kubernetes installs. The hacking group TeamTNT has been employing a new piece of malware, dubbed Hildegard, in a series of attacks targeting Kubernetes systems. The malware deploys the XMRig mining tool to mine Monero cryptocurrency.

Mining

Mining Libraries Encryption Access

TeamTNT group adds new detection evasion tool to its Linux miner

Security Affairs

JANUARY 28, 2021

The TeamTNT cybercrime group has improved its Linux cryptocurrency miner by implementing open-source detection evasion capabilities. The TeamTNT cybercrime group has upgraded their Linux cryptocurrency miner by adding open-source detection evasion capabilities, AT&T Alien Labs researchers warn. Pierluigi Paganini.

Libraries

Libraries IT Mining Security

Scam ‘Funeral Streaming’ Groups Thrive on Facebook

Krebs on Security

SEPTEMBER 18, 2024

Scammers are flooding Facebook with groups that purport to offer video streaming of funeral services for the recently deceased. One of the many scam funeral group pages on Facebook. One of many look-alike landing pages for video streaming services linked to scam Facebook funeral groups.

Passwords

Passwords Mining IT Marketing

ExCobalt Cybercrime group targets Russian organizations in multiple sectors

Security Affairs

JUNE 24, 2024

The cybercrime group ExCobalt targeted Russian organizations in multiple sectors with a previously unknown backdoor known as GoRed. Members of the ExCobalt group have been active since at least 2016, the researchers believe that the group is linked to the notorious Cobalt Gang.

File names

File names Communications Mining Archiving

Ransomware, Trojan and Miner together against “PIK-Group”

Security Affairs

FEBRUARY 28, 2019

Security expert Marco Ramilli analyzed a new piece of malware apparently designed to target PIK-Group that implements ransomware , Trojan, and Miner capabilities. which according to google translate would be: “PIK Group of Companies order details”. According to zcashnetwork the attacker’s wallet received from mining activity 4.89

Ransomware

Ransomware Mining File names Encryption

Phishers abuse CrowdStrike brand targeting job seekers with cryptominer

Security Affairs

JANUARY 10, 2025

The executable then downloads a text file containing XMRig configuration details to initiate mining activities. Fraudulent interviews and job offers use fake websites, email addresses, group chats and text messages. If the environment passes these checks, it displays a fake error message before proceeding. ” concludes the report.

Phishing

Phishing Mining Authentication Communications

North Korean Threat Groups Steal Crypto to Pay for Hacking

Data Breach Today

MARCH 28, 2023

APT43 Launders Crypto Through Mining, Says Mandiant North Korean hackers are stealing cryptocurrency to fund operations under an apparent mandate from Pyongyang to be self-sufficient, threat intel firm Mandiant says.

Mining

Mining IT

Conti Ransomware Group Diaries, Part IV: Cryptocrime

Krebs on Security

MARCH 7, 2022

Three stories here last week pored over several years’ worth of internal chat records stolen from the Conti ransomware group, the most profitable ransomware gang in operation today. “We find young forks on exchanges (those that can be mined), analyze their infrastructure,” Begemot wrote. We start ddosing. We release ddos.

Ransomware

Ransomware Mining Blockchain Sales

New MrbMiner malware infected thousands of MSSQL DBs

Security Affairs

SEPTEMBER 16, 2020

A threat actor is launching brute-force attacks on MSSQL servers in the attempt to access them to install a new crypto-mining malware dubbed MrbMiner. A group of hackers is launching brute-force attacks on MSSQL servers with the intent to compromise them and install crypto-mining malware dubbed MrbMiner. Mining process.”

Mining

Mining Passwords Access Security

Malware Targets Kubernetes Clusters

Data Breach Today

FEBRUARY 4, 2021

Researchers: 'Hildegard' Linked to TeamTNT Hacking Group A previously undocumented malware variant called "Hildegard" is targeting Kubernetes clusters, according to Palo Alto Networks' Unit 42. The malicious code is likely the work of the TeamTNT hacking group, which mines for monero cryptocurrency.

Mining

TeamTNT group targets poorly configured Docker servers exposing REST APIs

Security Affairs

NOVEMBER 9, 2021

182 used in this campaign was previously associated with the operations of the TeamTNT group. “Our July 2021 research into TeamTNT showed that the group previously used credential stealers that would rake in credentials from configuration files. Experts noticed that the IP address 45[.]9[.]148[.]182 Pierluigi Paganini.

Mining

Mining Security IT Information Security

Cryptomining Campaign Leverages MS Exchange Server Flaw

Data Breach Today

APRIL 25, 2021

Cybereason Says Russian Hacking Group Prometei is Behind the Campaign A Russian botnet group called Prometei is exploiting critical Microsoft Exchange Server vulnerabilities to mine cryptocurrency from various organizations across the world, a new report by security firm Cybereason finds.

Mining

Mining Security

Nearly 50,000 IPs compromised in Kubernetes clusters by TeamTNT

Security Affairs

MAY 26, 2021

Researchers from Trend Micro reported that about 50,000 IPs were compromised across multiple Kubernetes clusters in a cryptojacking campaign conducted by TeamTNT group. The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. sh) used by the TeamTNT group.

Mining

Mining Cloud Security IT

TeamTNT is the first cryptomining bot that steals AWS credentials

Security Affairs

AUGUST 18, 2020

The TeamTNT botnet is a crypto-mining malware operation that has been active since April and that targets Docker installs. The activity of the TeamTNT group has been detailed by security firm Trend Micro, but the new feature was added only recently. It’s the first worm we’ve seen that contains such AWS specific functionality.

Mining

Mining Security Access IT

Group-IB presented latest cybercrime and nation-state hacking trends in Asia

Security Affairs

NOVEMBER 16, 2018

According to Group-IB’s report findings, Asia is one of the most actively attacked regions in the world, the company presented latest cybercrime trends. According to Group-IB’s report findings, Asia is one of the most actively attacked regions in the world. Espionage as one of the main APT groups’ goals.

Phishing

Phishing Manufacturing Marketing Blockchain

North Korea Is Now Mining Crypto to Launder Its Stolen Loot

WIRED Threat Level

MARCH 28, 2023

A spy group working for the Kim regime has been feeding stolen coins into crypto mining services in an effort to throw tracers off their trail.

Mining

Mining IT Blockchain Security

TeamTNT botnet now steals Docker API and AWS credentials

Security Affairs

JANUARY 10, 2021

The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. The activity of the TeamTNT group has been detailed by security firm Trend Micro, but in August experts from Cado Security discovered that that botnet is also able to target misconfigured Kubernetes installations.

Mining

Mining Metadata Authentication Security

EVRAZ operations in North America disrupted by Ryuk ransomware

Security Affairs

MARCH 7, 2020

Computer systems at EVRAZ, a multinational vertically integrated steel making and mining company, have been hit by Ryuk ransomware. EVRAZ is one of the world’s largest multinational vertically integrated steel making and mining companies with headquarters in London.

Ransomware

Ransomware Computer and Electronics Mining Manufacturing

Android Debugging Tools Also Useful for Compromising Devices, Mining Cryptocurrency

Security Affairs

JULY 24, 2018

.” The binary establishes a connection to the C&C server, then scans processes running on the compromised device and attempts to kill any that are running the CoinHive script that could be mining Monero. He is currently Global CISO for the ATCO Group of companies. Pierluigi Paganini.

Mining

Mining IoT Blockchain Risk

Cryptomining Campaign Leverages Exchange Server Flaws

Data Breach Today

APRIL 26, 2021

Cybereason Says Russian Hacking Group Prometei Is Behind the Campaign A Russian botnet group called Prometei is exploiting critical Microsoft Exchange Server vulnerabilities to mine cryptocurrency across the world, a new report by security firm Cybereason finds.

Mining

Mining Security

TeamTNT cybercrime gang expands its arsenal to target thousands of orgs worldwide

Security Affairs

SEPTEMBER 9, 2021

The financially motivated TeamTNT hacking group expanded its arsenal with new tools used to target thousands of victims worldwide. Researchers from AT&T Alien Labs uncovered a new campaign, tracked as Chimaera, conducted by the TeamTNT group , aimed at organizations worldwide. ” reads the analysis published by AT&T.

Mining

Mining IT Cloud Security

Large-scale cryptomining campaign is targeting the NPM JavaScript package repository

Security Affairs

JULY 7, 2022

Researchers uncovered a large-scale cryptocurrency mining campaign targeting the NPM JavaScript package repository. Checkmarx researchers spotted a new large-scale cryptocurrency mining campaign, tracked as CuteBoi , that is targeting the NPM JavaScript package repository. CuteBoi relies on a disposable email service called mail.tm

Mining

Mining Security IT Information Security

Chinese Group Targeting Vulnerable Cloud Providers, Applications

Data Breach Today

JANUARY 21, 2023

Crypto Mining Campaign Targets Public Cloud Environments, Increases Security Risks Cybersecurity researchers say a Chinese for-profit threat group tracked as 8220 Gang is targeting cloud providers and poorly secured applications with a custom-built crypto miner and IRC bot.

Cloud

Cloud Mining Risk Cybersecurity

APT hacked a US municipal government via an unpatched Fortinet VPN

Security Affairs

MAY 27, 2021

The Federal Bureau of Investigation (FBI) reported that an APT group had breached the network of a local US municipal government by exploiting vulnerabilities in an unpatched Fortinet VPN. As of at least May 2021, an APT actor group almost certainly exploited a Fortigate appliance to access a webserver hosting the domain for a U.S.

Government

Government Mining Archiving Encryption

RedFoxtrot operations linked to China’s PLA Unit 69010 due to bad opsec

Security Affairs

JUNE 19, 2021

Experts from Recorded Future’s Insikt Group linked a series of attacks, part of RedFoxtrot China-linked campaigns, to the PLA China-linked Unit 69010. These targets suggest the group is likely interested in gathering intelligence on military technology and defense” reads the report published by the Insikt Group.

Military

Military Mining Government Communications

MrbMiner cryptojacking campaign linked to Iranian software firm

Security Affairs

JANUARY 23, 2021

Sophos researchers that investigated the recently uncovered crypto-mining campaign targeting SQL servers with MrbMiner malware believe that it was conducted by an Iran-based company. The name of the miner comes after one of the domains used by the group to host their malicious code.

Mining

Mining Communications Access Privacy

Russia-linked APT28 and crooks are still using the Moobot botnet

Security Affairs

MAY 3, 2024

The Ubiquiti EdgeRouter botnet is still used by Russia-linked group APT28 and cybercriminals organizations. Trend Micro researchers reported that the EdgeRouter botnet , called Moobot , used by the APT28 group is still active and is also used by cyber criminal organizations. ” reported Trend Micro. ” reported Trend Micro.

Healthcare

Healthcare Phishing Mining e-Discovery

Qilin ransomware steals credentials stored in Google Chrome

Security Affairs

AUGUST 23, 2024

The Qilin ransomware group has been active since at least 2022 but gained attention in June 2024 for attacking Synnovis , a UK governmental service provider for healthcare. The group typically employs “double extortion,” stealing and encrypting victims’ data, then threatening to expose it unless a ransom is paid.

Ransomware

Ransomware Passwords Mining Encryption

Atlassian Confluence zero-day CVE-2023-22515 actively exploited in attacks

Security Affairs

OCTOBER 4, 2023

The software firm also recommends checking instances for the following indicators of compromise: unexpected members of the confluence-administrator group unexpected newly created user accounts requests to /setup/*.action

Mining

Mining Access Authentication Cloud

After ChatGPT, Anonymous Sudan took down the Cloudflare website

Security Affairs

NOVEMBER 10, 2023

The hacktivist group Anonymous Sudan claimed responsibility for the massive distributed denial-of-service (DDoS) attack that took down the website of Cloudflare. “ To be clear, there was no Cloudflare breach. ” reads the message published on the group’s Telegram channel.

Mining

Mining Cloud IT Security

Vollgar botnet has managed to infect around 3k MSSQL DB servers daily

Security Affairs

APRIL 1, 2020

Cybersecurity researchers spotted a crypto-mining botnet, tracked as Vollgar, that has been hijacking MSSQL servers since at least 2018. Researchers at Guardicore Labs discovered a crypto-mining botnet , tracked as Vollgar botnet , that is targeting MSSQL databases since 2018. ” continues the analysis.

Mining

Mining Passwords Education Cybersecurity

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

Security Affairs

DECEMBER 1, 2020

Microsoft warns of Vietnam-linked Bismuth group that is deploying cryptocurrency miner while continues its cyberespionage campaigns. Researchers from Microsoft reported that the Vietnam-linked Bismuth group, aka OceanLotus , Cobalt Kitty , or APT32 , is deploying cryptocurrency miners while continues its cyberespionage campaigns.

Mining

Mining Manufacturing Government Phishing

Lemon_Duck cryptomining botnet targets Docker servers

Security Affairs

APRIL 22, 2022

The Lemon_Duck cryptomining botnet is targeting Docker servers to mine cryptocurrency on Linux systems. Crowdstrikes researchers reported that the Lemon_Duck cryptomining botnet is targeting Docker to mine cryptocurrency on Linux systems. “The “a.asp” file is the actual payload in this attack. ” concludes the report.

Mining

Mining Access Cloud Cybersecurity

The City of Durham shut down its network after Ryuk Ransomware attack

Security Affairs

MARCH 8, 2020

“According to the SBI, the ransomware, named Ryuk, was started by a Russian hacker group and finds its way into a network once someone opens a malicious email attachment. A few days ago EVRAZ , one of the world’s largest multinational vertically integrated steel making and mining companies, has been hit by the Ryuk ransomware.

Ransomware

Ransomware IT Computer and Electronics Mining

New Pro-Ocean crypto-miner targets Apache ActiveMQ, Oracle WebLogic, and Redis installs

Security Affairs

JANUARY 31, 2021

The Rocke group is using a new piece of cryptojacking malware dubbed Pro-Ocean to target Apache ActiveMQ, Oracle WebLogic, and Redis installs. The cybercrime group Rocke is using a new piece of cryptojacking malware called Pro-Ocean to target vulnerable Apache ActiveMQ, Oracle WebLogic, and Redis intalls. ” concludes the report.

Cloud

Cloud Libraries Mining IT

Sopra Steria hit by the Ryuk ransomware gang

Security Affairs

OCTOBER 23, 2020

“The Group’s teams are fully mobilized to ensure a return to normal as quickly as possible and everything is done to ensure business continuity. A few days before, EVRAZ , one of the world’s largest multinational vertically integrated steel making and mining companies, has been hit by the Ryuk ransomware.

Ransomware

Ransomware Computer and Electronics Mining Manufacturing

Cryptocurrency: A Gold Mine for Open-Source Intelligence

Data Breach Today

JUNE 4, 2018

The very design of bitcoin, as well as some other virtual currencies, can lend a surprising amount of information about the groups using it to transact. Expert Says Virtual Currency Systems Leak Useful Data to Track Criminals Experts have long warned that bitcoin is not as private as it appears.

Mining

Mining IT

Multi-Vector Miner+Tsunami Botnet with SSH Lateral Movement

Security Affairs

DECEMBER 2, 2020

Evasion and Persistence: The botnet achieves persistence in multiple ways; kills running processes, potentially competing for mining tools and eliminates EDR. They are grouped in 2 groups. The second group of python scripts downloads and runs the Tsunami binaries. There are 4 python scripts in total. 8080 209.141.35.17:8080.

Mining

Mining IoT Cloud Security

Pacha Group declares war to rival crypto mining hacking groups

Israel surveillance firm NSO group can mine data from major social media

Webinars

Trending Sources

OAuth apps used in cryptocurrency mining, phishing campaigns, and BEC attacks

Webinars

Cloud-Based Cryptocurrency mining attacks abuse GitHub Actions and Azure VM

Group-IB: The Shadow Market Is Flooded with Cheap Mining Software

CrowdStrike discovered the first-ever Dero cryptocurrency mining campaign

TeamTNT group uses Hildegard Malware to target Kubernetes Systems

TeamTNT group adds new detection evasion tool to its Linux miner

Scam ‘Funeral Streaming’ Groups Thrive on Facebook

ExCobalt Cybercrime group targets Russian organizations in multiple sectors

Ransomware, Trojan and Miner together against “PIK-Group”

Phishers abuse CrowdStrike brand targeting job seekers with cryptominer

North Korean Threat Groups Steal Crypto to Pay for Hacking

Conti Ransomware Group Diaries, Part IV: Cryptocrime

New MrbMiner malware infected thousands of MSSQL DBs

Malware Targets Kubernetes Clusters

TeamTNT group targets poorly configured Docker servers exposing REST APIs

Cryptomining Campaign Leverages MS Exchange Server Flaw

Nearly 50,000 IPs compromised in Kubernetes clusters by TeamTNT

TeamTNT is the first cryptomining bot that steals AWS credentials

Group-IB presented latest cybercrime and nation-state hacking trends in Asia

North Korea Is Now Mining Crypto to Launder Its Stolen Loot

TeamTNT botnet now steals Docker API and AWS credentials

EVRAZ operations in North America disrupted by Ryuk ransomware

Android Debugging Tools Also Useful for Compromising Devices, Mining Cryptocurrency

Cryptomining Campaign Leverages Exchange Server Flaws

TeamTNT cybercrime gang expands its arsenal to target thousands of orgs worldwide

Large-scale cryptomining campaign is targeting the NPM JavaScript package repository

Chinese Group Targeting Vulnerable Cloud Providers, Applications

APT hacked a US municipal government via an unpatched Fortinet VPN

RedFoxtrot operations linked to China’s PLA Unit 69010 due to bad opsec

MrbMiner cryptojacking campaign linked to Iranian software firm

Russia-linked APT28 and crooks are still using the Moobot botnet

Qilin ransomware steals credentials stored in Google Chrome

Atlassian Confluence zero-day CVE-2023-22515 actively exploited in attacks

After ChatGPT, Anonymous Sudan took down the Cloudflare website

Vollgar botnet has managed to infect around 3k MSSQL DB servers daily

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

Lemon_Duck cryptomining botnet targets Docker servers

The City of Durham shut down its network after Ryuk Ransomware attack

New Pro-Ocean crypto-miner targets Apache ActiveMQ, Oracle WebLogic, and Redis installs

Sopra Steria hit by the Ryuk ransomware gang

Cryptocurrency: A Gold Mine for Open-Source Intelligence

Multi-Vector Miner+Tsunami Botnet with SSH Lateral Movement

Stay Connected