Microsoft: Linux-targeted malware campaign updated
Microsoft has warned that the Chinese-speaking 8220 gang has updated its malware campaign aimed at infecting Linux servers with cryptomining malware, ZDNet reports.
Aside from exploiting a critical remote code execution vulnerability in Atlassian Confluence Server and Data Center, tracked as CVE-2022-26134, and an Oracle WebLogic flaw, tracked as CVE-2019-2725, for initial access, the latest campaign also involved a new version of the pwnRig cryptominer and an IRC bot, according to Microsoft Security Intelligence. After gaining access, the attackers download a loader that changes the host's configuration to disable security services, downloads the cryptominer, and establishes persistence, the report said.
"The loader uses the IP port scanner tool 'masscan' to find other SSH servers in the network, and then uses the GoLang-based SSH brute force tool 'spirit' to propagate. It also scans the local disk for SSH keys to move laterally by connecting to known hosts," said Microsoft, which recommended enabling tamper protection in Microsoft Defender for Endpoint, so that the loader's attempt to disable security services is blocked, to curb such attacks.
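A defensive counterpart to the lateral-movement step Microsoft describes, as an added example that is not part of the article or of Microsoft's report: a Python audit that enumerates the same material the loader hunts for (private keys and known_hosts files under home directories) and reports passphrase-less keys and known_hosts entries that record hostnames in clear text, which is exactly what lets a stolen key be pointed at the next host. The directory layout, file names and the sample tree built by run_demo() are constructed for illustration; the openssh-key-v1 parsing reads only the cipher-name field of the real file format.

```python
"""Audit SSH material an intruder could harvest for lateral movement.

Added example, not Microsoft's or the article's code. Flags private keys
without a passphrase and known_hosts entries stored in clear (HashKnownHosts
not in use). The tree built by run_demo() is constructed sample data.
"""
from __future__ import annotations

import base64
import struct
import sys
import tempfile
from pathlib import Path

PEM_HEADERS = (
    b"-----BEGIN OPENSSH PRIVATE KEY-----",
    b"-----BEGIN RSA PRIVATE KEY-----",
    b"-----BEGIN EC PRIVATE KEY-----",
    b"-----BEGIN DSA PRIVATE KEY-----",
    b"-----BEGIN PRIVATE KEY-----",
    b"-----BEGIN ENCRYPTED PRIVATE KEY-----",
)
OPENSSH_MAGIC = b"openssh-key-v1\x00"


def openssh_cipher(data: bytes) -> str | None:
    """Cipher name from an openssh-key-v1 file ('none' means no passphrase); None if not that format."""
    body = b"".join(line for line in data.splitlines() if not line.startswith(b"-----"))
    try:
        raw = base64.b64decode(body, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    off = len(OPENSSH_MAGIC)
    if not raw.startswith(OPENSSH_MAGIC) or len(raw) < off + 4:
        return None
    (n,) = struct.unpack(">I", raw[off:off + 4])  # length-prefixed ciphername string
    return raw[off + 4:off + 4 + n].decode("ascii", "replace")


def key_is_unprotected(data: bytes) -> bool | None:
    """True = private key with no passphrase, False = passphrase-protected, None = not a private key."""
    if not data.lstrip().startswith(PEM_HEADERS):
        return None
    cipher = openssh_cipher(data)
    if cipher is not None:
        return cipher == "none"
    # Legacy PEM keys mark encryption with a Proc-Type/DEK-Info header or an ENCRYPTED BEGIN line.
    head = data[:200]
    return b"ENCRYPTED" not in head and b"DEK-Info" not in head


def plaintext_hosts(text: str) -> list[str]:
    """Hostnames stored in clear in known_hosts content; hashed ('|1|...') entries are skipped."""
    hosts: list[str] = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@"):  # @cert-authority / @revoked marker precedes the host pattern
            fields = fields[1:]
        if not fields or fields[0].startswith("|1|"):
            continue
        hosts.extend(h for h in fields[0].split(",") if h)
    return hosts


def audit(root: Path) -> dict[str, object]:
    """Walk every .ssh directory under root; findings are keyed by path relative to root."""
    findings: dict[str, object] = {"unprotected_keys": [], "protected_keys": [], "plaintext_hosts": {}}
    for ssh_dir in sorted(root.rglob(".ssh")):
        if not ssh_dir.is_dir():
            continue
        for f in sorted(ssh_dir.iterdir()):
            if not f.is_file():
                continue
            rel = f.relative_to(root).as_posix()
            try:
                data = f.read_bytes()
            except OSError:
                continue
            if f.name == "known_hosts":
                hosts = plaintext_hosts(data.decode(errors="replace"))
                if hosts:
                    findings["plaintext_hosts"][rel] = hosts
                continue
            state = key_is_unprotected(data)
            if state is True:
                findings["unprotected_keys"].append(rel)
            elif state is False:
                findings["protected_keys"].append(rel)
    return findings


def sample_openssh_key(cipher: str) -> bytes:
    """Constructed minimal openssh-key-v1 file with only the header this audit reads (not a usable key)."""
    raw = OPENSSH_MAGIC + struct.pack(">I", len(cipher)) + cipher.encode()
    return b"-----BEGIN OPENSSH PRIVATE KEY-----\n" + base64.b64encode(raw) + b"\n-----END OPENSSH PRIVATE KEY-----\n"


def run_demo() -> dict[str, object]:
    """Build a constructed home-directory tree in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        alice, bob = root / "alice" / ".ssh", root / "bob" / ".ssh"
        alice.mkdir(parents=True)
        bob.mkdir(parents=True)
        (alice / "id_ed25519").write_bytes(sample_openssh_key("none"))          # no passphrase
        (alice / "id_ed25519.pub").write_bytes(b"ssh-ed25519 AAAAC3 alice@build\n")
        (alice / "known_hosts").write_text(
            "db1.internal,10.0.0.5 ssh-ed25519 AAAAC3\n"      # clear-text target for lateral movement
            "|1|a2Jz=|dGVzdA== ssh-ed25519 AAAAC3\n"          # hashed entry, leaks nothing
        )
        (bob / "id_rsa").write_bytes(b"-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                                     b"DEK-Info: AES-128-CBC,00\n\nAAAA\n-----END RSA PRIVATE KEY-----\n")
        return audit(root)


if __name__ == "__main__":
    result = audit(Path(sys.argv[1])) if len(sys.argv) > 1 else run_demo()
    for name, value in result.items():
        print(name, value)
```

Run it as root against /home (and /root) to see what a loader running as the compromised service account could reach. Keys it reports can be given a passphrase with `ssh-keygen -p`, and `HashKnownHosts yes` in ssh_config stops new known_hosts entries from naming the next hop in clear; neither replaces the tamper-protection and patching advice above, but both remove the free map the loader relies on.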