BSV
$53.9
Vol 45.27m
0.64%
BTC
$97166
Vol 62740m
-0.26%
BCH
$454.59
Vol 382.97m
3.25%
LTC
$100.16
Vol 971.71m
2.46%
DOGE
$0.32
Vol 7521.97m
4.28%
Getting your Trinity Audio player ready...

A new group of hackers has been targeting vulnerable enterprise systems and using them to process privacy coin Monero. The group is believed to have been active since December 2019 and infected thousands of systems.

Security researchers from U.S. cybersecurity firm Red Canary have been monitoring the group, which they referred to as Blue Mockingbird. According to the researchers, the hackers exploit public-facing web applications that depend on Telerik UI for ASP.NET, a framework used in web development. While it accelerates the web development process, it’s prone to CVE-2019-18935 vulnerability.

Once the hackers infiltrate the system, they deploy XMRIG, an open-source Monero processing tool that has proven a favorite for hackers.

The malware executes a number of strategies to increase its reach and avoid removal. One of them is exploiting weakly-secured remote desktop protocol connections to spread internally. It also executes a malicious DLL that restores all items removed by a system’s defenders.

Red Canary claims that the malware is not fully defined, with the hackers still experimenting with a few tools to find the best ones. The company further revealed to ZDNet that it doesn’t have a full overview of the malware’s activities.

“Like any security company, we have limited visibility into the threat landscape and no way of accurately knowing the full scope of this threat. This threat, in particular, has affected a very small percentage of the organizations whose endpoints we monitor. However, we observed roughly 1,000 infections within those organizations, and over a short amount of time,” the company stated.

The researchers predict that the malware could end up infecting many other systems, especially since it targets vulnerable Telerik UI components. Many companies don’t put measures in place to protect themselves from such an attack. In some cases, companies aren’t even aware that their systems rely on Telerik UI components.

Studies conducted by several global agencies, including the NSA show that Telerik UI vulnerabilities are among the most exploited by cybercriminals globally.

Red Canary was able to identify two Monero addresses that the hackers use. However, due to the private nature of Monero, they couldn’t establish how successful their campaign has been.

Recommended for you

Google unveils ‘Willow’; Bernstein downplays quantum threat to Bitcoin
Google claims that Willow can eliminate common errors associated with quantum computing, while Bernstein analysts noted that Willow’s 105 qubits...
December 18, 2024
WhatsOnChain adds support for 1Sat Ordinals with new API set
WhatsOnChain now supports the 1Sat Ordinals with a set of APIs in beta testing; with this new development, developers can...
December 13, 2024
Advertisement
Advertisement
Advertisement