Dangerous new malware infects thousands of enterprise devices
Blue Mockingbird campaign targets server hardware
Thousands of enterprise devices around the world are being targeted by a new malware campaign dubbed Blue Mockingbird.
Once a device is infected, the malware downloads and installs additional payloads that use the device to mine Monero cryptocurrency, which is then sent to the attackers.
According to researchers at cloud security firm Red Canary, the campaign has been active since last December and continued through April. The attackers reportedly target vulnerable public-facing servers that use the Telerik UI framework.
Once the attackers gain access to a system, they use the JuicyPotato privilege-escalation technique to obtain administrator-level access and then deploy the Monero-mining tool XMRig, packaged as a DLL, on Windows systems.
If the affected servers are found to be connected to a company’s internal network, the hackers reportedly attempt to spread the malware within the network using Remote Desktop Protocol (RDP) or Server Message Block (SMB) connections.
Researchers believe the outdated version of Telerik UI, a component of ASP.NET-based server applications, is the vulnerability being exploited in these attacks.
Red Canary’s report states that while the attackers are targeting smaller organisations, they may already have compromised several thousand devices. The actual number of infected devices could be higher, since companies that consider themselves safe are also exposed to this crypto-mining attack.
“Like any security company, we have limited visibility into the threat landscape and no way of accurately knowing the full scope of this threat,” Red Canary noted in a statement.
“This threat, in particular, has affected a very small percentage of the organisations whose endpoints we monitor. However, we observed roughly 1,000 infections within those organisations, and over a short amount of time.”
To block such threats, the researchers recommend patching web servers and web applications; where that is not possible, they advise blocking the exploitation attempts at the initial stage with a firewall.
Via: ZDNet
Jitendra has been working in the Internet Industry for the last 7 years now and has written about a wide range of topics including gadgets, smartphones, reviews, games, software, apps, deep tech, AI, and consumer electronics.