
A cryptocurrency hacking crew known as Panda has been identified by cybersecurity researchers, reported to be amongst the most prolific originators of crypto attacks.

The group is thought to have built up an arsenal of $90,000 worth of cryptocurrency, gained from the use of undetected mining malware and so-called remote access tools (RATs). While the group is seen by researchers as comparatively unsophisticated in their approach, Panda has been active over a number of years, according to the research conducted by Cisco Talos Intelligence Group.

Highlighted in their research is Panda’s reliance on exploiting vulnerable web apps, which had resulted in over 300,000 downloads of the malware by October 2018.

According to the firm, the group has been exploiting web apps whose owners are slow to apply security updates, a technique it has deployed continuously for maximum effect.

The group also frequently updates its targeting, using a variety of exploits against multiple vulnerabilities, and is quick to start exploiting known vulnerabilities shortly after public proofs of concept (POCs) become available, becoming a menace to anyone slow to patch.

The group first came to light in 2018, after its successful MassMiner campaign was detected as a malicious cryptocurrency mining script, mining alternative cryptocurrency Monero (XMR).

Since then, the group has shifted to greater reliance on Mimikatz, a script which allows them to harvest sensitive information such as usernames and passwords. According to Talos research, Panda has been active across a range of industries, including targets in banking, transportation, telecommunications, IT services and healthcare.

There are suspicions that the mysterious group could be of Chinese origin, named after a domain belonging to the group which itself was registered to a Chinese actor.

IP matching also points towards China, with the group seemingly unconcerned with concealing its identity. Researchers have even identified the type of web framework used to spread the attacks, which is especially popular in China.

“Panda’s operational security remains poor, with many of their old and current domains all hosted on the same IP and their TTPs remaining relatively similar throughout campaigns. The payloads themselves are also not very sophisticated,” according to the research.

The identification of Panda serves as a reminder of the dangers posed by scammers and cryptocurrency mining scripts in exploiting loopholes in web apps for profit. With at least hundreds of thousands potentially affected, Panda looks to be one of the leading sources of crypto mining scams.
