Type: Campaign
Actors: Unknown
Pub. date: November 20, 2023
Initial access: 1-day vulnerability
Impact: Resource hijacking
Observed techniques: Vulnerability exploitation
Observed tools: Cobalt Strike, Gh0st RAT, XMRig
Targeted technologies: Apache HTTP Server
References: https://asec.ahnlab.com/en/59110/
Status: Finalized
Last edited: Jun 2, 2024 11:52 AM

Researchers detected a cyber attack campaign that installs the XMRig CoinMiner on Windows web servers running Apache. The threat actor used Cobalt Strike to control the compromised system. Cobalt Strike, a commercial penetration testing tool, has recently become a common means of taking over internal systems in numerous attacks, including those involving Advanced Persistent Threats (APTs) and ransomware.
Once the attackers obtain control over the infected system, they install a CoinMiner on it that mines Monero coins.