Blue Mockingbird, a hacking group, tried to distribute Monero-mining malware to its enterprise targets, as we report in the latest Monero news.
Red Canary Intel discovered that some of the earliest showings of Blue Mockingbird trace back to December last year. The security firm investigated two incidents. In one, the threat gained entry into a targeted organization's network by exploiting a vulnerability affecting public-facing web applications that used Telerik UI for ASP.NET AJAX. This enabled the threat to upload two dynamic-link libraries to the Windows IIS web server application.
The payload launched by the Blue Mockingbird hacking group was XMRig, a Monero-mining tool that the group incorporated into its attack campaigns. Not satisfied with a single victim, the attackers abused the Remote Desktop Protocol to move throughout the network so they could distribute payloads across the enterprise, increasing the efficiency of a single attack.
Blue Mockingbird is not the only Monero-mining attack campaign that has targeted enterprises over the past few years. Back in 2018, Kaseya issued multiple patches in response to a vulnerability that some malicious actors abused to target vulnerable organizations with Monero-mining software. In 2018, Imperva looked into attackers that exploited a remote code execution vulnerability to spread the Kitty Monero miner. In 2019, Palo Alto spotted a cryptojacking worm that was spreading through Docker Engine containers in order to activate a Monero miner.
Many security professionals believe they can defend their organizations against threats such as this one. They use risk assessments to determine the impact of Monero-mining attacks on their business assets and performance. Teams should disable JavaScript in browsers wherever they can and should use updated threat intelligence to stay on top of the latest attacks and learn more about their opponents.
Just a few days ago, as we reported in the Monero news, a Monero-mining botnet that affected more than 35,000 computers was officially taken down by ESET, the Slovak cybersecurity company that initially identified the botnet, dubbed VictoryGate.