A cryptojacking campaign uses the NSA's leaked DoublePulsar backdoor and the EternalBlue exploit to spread file-based cryptocurrency-mining malware on enterprise networks in China.
Dubbed Beapy by researchers at Symantec, the campaign had been reported by other security companies before. Qihoo 360's research team published details about it and a Trend Micro report followed in mid-April.
However, information from Symantec adds details about the type of victims and the attackers' motivation for using a file-based coinminer instead of the easier-to-deploy browser-based alternative.
Focus on enterprise
The researchers saw the first signs of Beapy in January and say that it "is most heavily affecting enterprises in Asia, with more than 80 percent of its victims located in China, with other victims in South Korea, Japan, and Vietnam."
Almost all of its activity focuses on enterprise environments, with this sector recording a 98% infection rate.