Chinese hackers infected over 50,000 servers globally with malware

Security researchers from Guardicore a security specialist company based in Tel Aviv have reportedly detected one malicious campaign which contaminated more than 50,000 PHPMyAdmin and MS-SQL Windows servers worldwide with malware. The attack outbreak, which understandably is the work of Chinese hackers, features an odd combination of sluggish incompetence yet sophistication.

Guardicore Labs the cyber-security company stated, 29th May, the massive-sized malicious campaign given the name "Nansh0u campaign" started in February and still running while spread onto more than 700 victims on a daily basis. www.coindesk.com posted this, June 3, 2019.

Also according to the company, organizations within the IT, media, telecom and healthcare sectors had all fallen victim to the hacks. Their servers in considerable numbers got contaminated with malevolent payloads which planted rootkit of kernel-mode kind for stopping the malware, most commonly crypto-miner, against getting detected and terminated. There was Verisign issued digital signature for the kernel driver as also the latter was safeguarded and obfuscated using software tool called VMProtect which tries thwarting malware researchers and reverse engineers.

Using one port scanner along with an MS-SQL tool which brute forces entry, followed with executing code remotely the hackers deploy their malicious software. The hack begins by determining logins and passwords based on tests of innumerable very ordinary credential combinations. www.cbronline.com posted this, May 29, 2019.

Significantly according to Guardicore, the Chinese hackers employed sophisticated tools similar as ones which nation-states use, suggesting that elite digital weapons are getting easily available to cyber-crooks as well.

The security company stated that the Nansh0u attack scheme wasn't any characteristic crypto-miner assault. It utilized methodologies frequently observed within 'Advanced Persistent Threats' like right escalation exploits and fake certificates. Whilst sophisticated attack tools until now were the domain of extremely dexterous adversaries, the current malware campaign indicated that such weaponry could without difficulty be in the grasp of lesser skilled attackers too. www.coindesk.com posted this, June 3, 2019.

Moreover, the malware campaign illustrates common passwords as continuing being the weakest connection within modern attack schemes. It's therefore, greatly advised that organizations use strong credentials for safeguarding their assets even as they should strengthen their networks with segmentations.

» SPAMfighter News - 6/6/2019