
Security researchers have discovered an ongoing cryptojacking campaign that infects unpatched business computers around the world with XMRig Monero miners using the Equation Group's leaked exploit toolkit. The cybercriminals behind this cryptomining campaign use the NSA-developed EternalBlue and EternalChampion SMB exploits to compromise vulnerable Windows computers; both exploits were leaked by the Shadow Brokers hacker group in April 2017.

Although Microsoft has patched the security flaws these tools abuse to break into Windows machines, many computers remain exposed because they have not been updated to newer OS versions that are not affected by these very dangerous vulnerabilities.

"The campaign seems to be widespread, with targets located in all regions of the world. Countries with large populations such as China and India also had the most number of organizations being targeted," said Trend Micro's researchers, who unearthed this ongoing cryptojacking campaign targeting companies from all over the world. In addition, "businesses across a wide range of industries, including education, communication, and media, banking, manufacturing, and technology" are being targeted in these attacks, with the bad actors focusing on victims who use "obsolete or unpatched software."

An auto-spreading EternalBlue-based backdoor and a variant of the Vools Trojan are used as the main tools to deploy roughly 80 variants of the XMRig cryptocurrency miner on infected computers, using five different mining configurations with similar usernames and identical passwords. Complete details can be found on OUR FORUM.
