Hackers Broke Into Thousands of Enterprise Servers and Mined Monero
A hacker group known as Blue Mockingbird is behind break-ins at no fewer than a thousand corporate servers, carried out to covertly mine the Monero cryptocurrency.
Hacking method and malware
According to cybersecurity company Red Canary, the hackers exploited CVE-2019-18935, a vulnerability in Telerik UI, a suite of user interface components for ASP.NET web applications.
Using a variation of the Juicy Potato utility, they took control of the web server and installed malware called XMRig, which covertly mines Monero.
This was a very large attack that affected more than a thousand servers. After compromising a server, the hackers went further and infected other computers at the same company. Experts believe there may in fact be many more such attacks.
What is this vulnerability?
For the vast majority of people, “CVE-2019-18935” means nothing. To programmers, however, it is an extremely dangerous vulnerability that hackers have already used several times. As a rule, preventing this kind of attack requires blocking exploitation of the vulnerability at the firewall level.
Earlier we wrote that supercomputers in Europe were mining Monero instead of searching for a COVID-19 vaccine. It is also worth mentioning that the COVID-19 pandemic has intensified the activity of North Korean hackers. Even earlier, reports appeared that scammers were using the COVID-19 pandemic as a new weapon.