Type
Campaign
Actors
Mimo operator
Pub. date
January 18, 2024
Initial access
1-day vulnerability
Impact
Resource hijackingRansomOp
Observed tools
MimoNHAS reverse_sshXMRigMimusPeer2Profit
Targeted technologies
VMware HorizonConfluence ServerWSO2Apache ActiveMQPaperCut
References
https://asec.ahnlab.com/en/60440/https://news.sophos.com/en-us/2022/03/29/horde-of-miner-bots-and-backdoors-leveraged-log4j-to-attack-vmware-horizon-servers/https://www.trendmicro.com/en_us/research/22/e/patch-your-wso2-cve-2022-29464-exploited-to-install-linux-compatible-cobalt-strike-beacons-other-malware.htmlhttps://www.lacework.com/blog/kinsing-dark-iot-botnet-among-threats-targeting-cve-2022-26134/https://www.esentire.com/blog/papercut-vulnerability-exploited-to-deliver-cryptocurrency-miner-to-education-sector-customerhttps://asec.ahnlab.com/en/36820/
Status
Stub
Last edited
Jun 2, 2024 8:02 AM