Type: Campaign
Actors:
Pub. date: November 20, 2023
Initial access: 1-day vulnerability
Impact: Resource hijacking
Observed techniques:
Observed tools:
Targeted technologies:
References:
Status: Finalized
Last edited: Jun 2, 2024 11:52 AM

Researchers detected a cyber attack campaign that installs the XMRig CoinMiner on Windows web servers running Apache. The threat actor employed Cobalt Strike to manage the compromised system. Cobalt Strike, a commercial penetration testing tool, has recently become a common method for taking over internal systems in numerous attacks, including those involving Advanced Persistent Threats (APTs) and ransomware.
Once the attackers obtain control over the infected system, they install a CoinMiner on the machine that mines Monero coins.