The global scale of the hacker group’s operations was revealed by cloud security firm Red Canary on May 26. The report outlined the group’s methodology.
The malware attacks servers running ASP.NET applications, exploiting a vulnerability to install a web shell on the attacked computer and obtain administrator-level access to modify the server settings.
Next, the cybercriminals install the XMRig application to take advantage of the resources of the infected machines.
Most of the infected computers belong to large companies, though Red Canary did not reveal any names. As with recent ransomware attacks using Trojans, criminals took advantage of the weakness of the Remote Desktop Protocol in Windows to penetrate systems.
The report highlights that although it is difficult to quantify the total number of infections, these attacks occurred in a relatively short amount of time.
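For defenders, the chain described above (a web shell on an ASP.NET server, followed by XMRig) can be looked for in process-creation telemetry. The sketch below is an added example, not taken from the Red Canary report: the event field names, the sample events and the pool host are constructed, and it assumes the web shell runs inside the IIS worker process `w3wp.exe`.

```python
import re

# Assumption: ASP.NET code, and therefore the web shell, runs inside the IIS worker.
WEB_WORKERS = {"w3wp.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}
# Command-line traits of XMRig-style miners: stratum pool URL, donate flag, binary name.
MINER_RE = re.compile(r"stratum\+(tcp|ssl)://|--donate-level\b|\bxmrig", re.I)

def base(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def triage(events):
    """Return (pid, reason) findings for process-creation events in time order.

    Descendants of the web worker are tracked so that a miner started through
    the shell is linked back to the web server. PID reuse is ignored here.
    """
    web_tree = set()   # pids that descend from a web worker
    findings = []
    for ev in events:
        image, parent = base(ev["image"]), base(ev["parent_image"])
        from_web = parent in WEB_WORKERS or ev["ppid"] in web_tree
        if from_web:
            web_tree.add(ev["pid"])
        if parent in WEB_WORKERS and image in SHELLS:
            findings.append((ev["pid"], "web-worker-spawned-shell"))
        if MINER_RE.search(ev["cmdline"]):
            reason = "miner-from-web-worker-tree" if from_web else "miner-cmdline"
            findings.append((ev["pid"], reason))
    return findings

# Constructed sample events (hypothetical field names, paths and pool host).
SAMPLE_EVENTS = [
    {"pid": 4100, "ppid": 900, "image": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "parent_image": r"C:\Windows\System32\svchost.exe",
     "cmdline": "w3wp.exe -ap DefaultAppPool"},
    {"pid": 4212, "ppid": 4100, "image": r"C:\Windows\System32\cmd.exe",
     "parent_image": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "cmdline": "cmd.exe /c whoami"},
    {"pid": 4300, "ppid": 4212, "image": r"C:\ProgramData\sys.exe",
     "parent_image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "sys.exe -o stratum+tcp://pool.example.invalid:3333 --donate-level 1"},
    {"pid": 5000, "ppid": 700, "image": r"C:\Windows\notepad.exe",
     "parent_image": r"C:\Windows\explorer.exe", "cmdline": "notepad.exe"},
]

if __name__ == "__main__":
    for pid, reason in triage(SAMPLE_EVENTS):
        print(pid, reason)
```

A shell under `w3wp.exe` is worth investigating even when no miner follows, since the web shell is the foothold and the miner is only one possible payload.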