Nebraska Man pleads guilty to $3.5 million cryptojacking scheme

December 5, 2024 at 10:42PM A Nebraska man has pleaded guilty to running a large cryptojacking operation, in which computing resources are used without authorization to mine cryptocurrency. He was arrested and charged in April; the guilty plea closes that case.

Nebraska Man pleads guilty to dumb cryptojacking operation

December 5, 2024 at 07:09PM Charles O. Parks III pleaded guilty to running a large-scale cryptojacking operation that defrauded cloud service providers out of $3.5 million in computing resources to mine nearly $970,000 in cryptocurrency. He opened accounts under multiple aliases, abused the providers' services, laundered the proceeds, and faces up to 20 years in prison at sentencing.

New RustyAttr Malware Targets macOS Through Extended Attribute Abuse

November 14, 2024 at 04:57AM RustyAttr, a newly identified macOS malware attributed to the North Korean Lazarus Group, abuses macOS file extended attributes to stage and run its payload. It is disguised as a legitimate application and uses decoys such as error messages and fake PDFs to distract the victim while it executes. Current macOS protections still block it as long as they remain enabled, so the attackers would need social engineering to persuade a user to bypass those safeguards.

Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining

October 26, 2024 at 05:12AM TeamTNT, a well-known cryptojacking group, is running a large-scale campaign against cloud environments, compromising exposed Docker daemons and servers to mine cryptocurrency. The group deploys the Sliver C2 implant, rents out the hijacked computing power to third parties, and has shifted tactics in ways that point to a maturing criminal business model.

‘Prometei’ Botnet Spreads Its Cryptojacker Worldwide

October 24, 2024 at 02:09AM The “Prometei” botnet, active since 2016, exploits vulnerabilities in outdated software worldwide and has infected more than 10,000 computers. Its main purpose is cryptojacking, chiefly mining Monero, though it also provides a foothold for further malicious activity. Notably, it avoids Russian targets, deliberately sparing Russian-language accounts and systems.

Perfctl malware strikes again as crypto-crooks target Docker Remote API servers

October 23, 2024 at 10:36PM Trend Micro researchers report that attackers are abusing exposed Docker Remote API servers to deploy the perfctl cryptomining malware. A Docker API reachable without authentication gives an attacker control over the underlying Linux host. To reduce the risk, organizations should restrict and authenticate access to the API, monitor for suspicious container activity, and follow container security best practices.

Unmasking Prometei: A Deep Dive Into Our MXDR Findings

October 23, 2024 at 09:09AM The Prometei botnet gains access to systems through brute-force attacks and uses them for cryptocurrency mining and credential theft. Its modular malware spreads by exploiting vulnerabilities in, and brute-forcing, services such as SMB and RDP. The investigation details its installation and lateral-movement tactics and stresses the value of proactive detection and response with tools such as Trend Vision One.

New Cryptojacking Attack Targets Docker API to Create Malicious Swarm Botnet

October 1, 2024 at 01:27AM Cybersecurity researchers have uncovered a new cryptojacking campaign targeting the Docker Engine API, which lets the attackers enrol compromised instances in a malicious Docker Swarm. The attackers use exposed Docker API endpoints for initial access, spawn a cryptocurrency miner, and move laterally to related hosts. The campaign also demonstrates the use of evolving malware and …

New TeamTNT Cryptojacking Campaign Targets CentOS Servers with Rootkit

September 19, 2024 at 10:30AM Group-IB researchers report that the TeamTNT cryptojacking operation has resurfaced, targeting Virtual Private Server infrastructure running CentOS. The attack chain consists of SSH brute force, upload of malicious scripts, and deployment of the Diamorphine rootkit to hide processes and maintain remote access. TeamTNT, active since 2019, has unveiled a new …
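Both the Prometei entries above and this TeamTNT campaign get their initial foothold by brute-forcing remote logins. The script below is added here and is not taken from Group-IB's or Trend Micro's reports: it shows the detection logic a defender would run over sshd log lines, counting failed password attempts per source address inside a time window and flagging a later successful login from the same address. The log lines are constructed samples in OpenSSH's syslog format, the year is assumed because syslog timestamps omit it, and the window and threshold are arbitrary choices.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in OpenSSH's syslog format: one address sprays passwords
# and then gets in; a second address is a legitimate user who mistypes once.
SAMPLE_AUTH_LOG = """\
Sep 19 10:30:01 vps1 sshd[4120]: Failed password for root from 203.0.113.7 port 51022 ssh2
Sep 19 10:30:02 vps1 sshd[4122]: Failed password for invalid user admin from 203.0.113.7 port 51030 ssh2
Sep 19 10:30:02 vps1 sshd[4124]: Failed password for root from 203.0.113.7 port 51036 ssh2
Sep 19 10:30:03 vps1 sshd[4126]: Failed password for root from 203.0.113.7 port 51040 ssh2
Sep 19 10:30:04 vps1 sshd[4128]: Failed password for invalid user oracle from 203.0.113.7 port 51044 ssh2
Sep 19 10:30:06 vps1 sshd[4130]: Accepted password for root from 203.0.113.7 port 51050 ssh2
Sep 19 10:31:10 vps1 sshd[4140]: Failed password for alice from 198.51.100.9 port 40010 ssh2
Sep 19 10:31:40 vps1 sshd[4142]: Accepted publickey for alice from 198.51.100.9 port 40012 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def parse_sshd(lines, year=2024):
    """Yield (timestamp, source_ip, result, auth_method) for each sshd auth line.
    syslog timestamps carry no year, so the caller supplies it (assumed 2024 here)."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # other sshd chatter (disconnects, session opened, ...)
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["ip"], m["result"], m["method"]


def detect_bruteforce(log_text, window_s=60, threshold=5, year=2024):
    """Return {ip: {"failures": n, "success_after": bool}} for every source
    address with at least `threshold` failed password logins inside some
    `window_s`-second window. success_after is True when the same address
    authenticated successfully after its last failure, i.e. the spray likely worked."""
    by_ip = defaultdict(list)
    for ts, ip, result, method in parse_sshd(log_text.splitlines(), year):
        by_ip[ip].append((ts, result, method))

    alerts = {}
    for ip, events in by_ip.items():
        events.sort()
        fails = [ts for ts, result, method in events
                 if result == "Failed" and method == "password"]
        # Sliding window anchored at each failure; fails is sorted, so only
        # later failures can fall inside the window.
        for i, start in enumerate(fails):
            in_window = sum(1 for ts in fails[i:] if (ts - start).total_seconds() <= window_s)
            if in_window >= threshold:
                last_fail = fails[-1]
                success_after = any(result == "Accepted" and ts > last_fail
                                    for ts, result, method in events)
                alerts[ip] = {"failures": len(fails), "success_after": success_after}
                break
    return alerts


if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_AUTH_LOG).items():
        print(f"{ip}: {info['failures']} failed password logins"
              + (", then a successful login" if info["success_after"] else ""))
```

A hit with `success_after` set is the case that matters for these campaigns: the miner or rootkit is dropped only once a password finally works, so that address and the account it logged into are where the investigation starts.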

Atlassian Confluence Vulnerability Exploited in Crypto Mining Campaigns

August 30, 2024 at 02:42AM Threat actors are exploiting a critical, already patched security flaw in Atlassian Confluence Data Center and Confluence Server to mine cryptocurrency illicitly. The flaw, CVE-2023-22527, lets an unauthenticated attacker achieve remote code execution. At least three distinct threat actors are exploiting it using different methods. Users are advised to …