Researchers from the ISC SANS group and the Anti-DDoS company Imperva discovered two distinct campaigns targeting Windows Server, Redis and Apache Solr servers online.
Last week, new mining campaigns targeted unpatched Windows Server, Apache Solr, and Redis servers; the attackers attempted to install the cryptocurrency miner Coinminer.
Two campaigns were spotted by researchers from the ISC SANS group and the Anti-DDoS company Imperva.
The campaign observed by Imperva has been targeting Redis and Windows Server installs; the company tracked the operation as RedisWannaMine.
Crooks are conducting Internet-wide mass scanning for systems running outdated Redis versions; the attackers attempt to trigger the CVE-2017-9805 vulnerability.
“This week we saw a new generation of cryptojacking attacks aimed at both database servers and application servers. We dubbed one of these attacks RedisWannaMine.” reads the blog post published by Imperva.
“RedisWannaMine is more complex in terms of evasion techniques and capabilities. It demonstrates a worm-like behavior combined with advanced exploits to increase the attackers’ infection rate and fatten their wallets.”
RedisWannaMine executes a script to download a publicly available tool, dubbed masscan, that is stored in a GitHub repository, then compiles and installs it.
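The download, compile and install sequence described above leaves a recognisable trail in process-execution logs, and a defender can correlate it per host and account. The following is an added example, not code from Imperva or from the original article; the log layout, host names, accounts and URLs are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed process-execution records: time, host, user, command line.
# The repository URL is a placeholder, not the one used in the campaign.
SAMPLE_EVENTS = """\
2018-03-10T02:14:01 db01 redis git clone https://github.com/EXAMPLE/masscan.git
2018-03-10T02:14:40 db01 redis make -C masscan
2018-03-10T02:15:30 db01 redis make -C masscan install
2018-03-10T09:00:00 build7 ci git clone https://example.org/app.git
2018-03-10T09:01:00 build7 ci make
2018-03-10T11:00:00 web02 www-data wget https://example.org/masscan.tar.gz
"""

# The three steps the article describes, in the order they must occur.
STAGES = [
    re.compile(r"\b(git\s+clone|curl|wget)\b.*masscan", re.I),  # download
    re.compile(r"\b(make|gcc|cc)\b"),                            # compile
    re.compile(r"\binstall\b"),                                  # install
]

def find_scanner_builds(log_text, window_s=600):
    """Return (host, user, download_time) for every complete
    download -> compile -> install chain seen within window_s seconds."""
    progress = {}  # (host, user) -> (index of next expected stage, download time)
    hits = []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        ts_raw, host, user, cmd = line.split(None, 3)
        ts = datetime.fromisoformat(ts_raw)
        stage, started = progress.get((host, user), (0, None))
        if stage and (ts - started).total_seconds() > window_s:
            stage, started = 0, None  # chain went stale: start over
        if STAGES[stage].search(cmd):
            if stage == 0:
                started = ts
            stage += 1
            if stage == len(STAGES):
                hits.append((host, user, started.isoformat()))
                stage, started = 0, None
        progress[(host, user)] = (stage, started)
    return hits

if __name__ == "__main__":
    for host, user, when in find_scanner_builds(SAMPLE_EVENTS):
        print(f"{host}: {user} downloaded, built and installed masscan from {when}")
```

A service account such as the one running Redis has no routine reason to fetch and build a network scanner, so a hit under that account deserves immediate triage.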