The malicious actors who installed and ran a cryptocurrency mining operation on hacked Tesla AWS servers and Jenkins servers are now targeting servers running Linux and have so far generated more than $74,000 in Monero.
The new campaign pairs the legitimate, open-source XMRig cryptominer with an exploit for the old vulnerability CVE-2013-2618, which is found in Cacti’s Network Weathermap plug-in, according to a Trend Micro Cyber Safety Solutions Team report. The flaw is a cross-site scripting vulnerability in editor.php in Network Weathermap before 0.97b that allows remote attackers to inject arbitrary web script or HTML via the map_title parameter.
This active campaign is primarily affecting Japan, Taiwan, China, the U.S., and India.
“As to why they’re exploiting an old security flaw: Network Weathermap only has two publicly reported vulnerabilities so far, both from June 2014. It’s possible these attackers are taking advantage not only of a security flaw for which an exploit is readily available but also of patch lag that occurs in organizations that use the open-source tool,” the team wrote.
Trend Micro was able to trace the activity back to two usernames associated with two Monero wallets where $74,677 has been deposited as of March 21.
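For administrators who want to check whether the editor.php flaw described above has been probed on their own servers, the following is an added example (not from the Trend Micro report or the original article) that scans web access logs for requests to editor.php whose map_title parameter carries HTML or script markup. The combined log format, the path prefix, and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Client IP and request target from a combined-log-format line (assumed format).
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# Markup a map title should never contain: tags, event handlers, script URLs.
MARKUP_RE = re.compile(r"[<>]|\bon[a-z]+\s*=|javascript:", re.IGNORECASE)


def suspicious_map_title(line):
    """Return (client_ip, decoded map_title) when the line is a request to
    editor.php whose map_title carries markup; otherwise return None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if not url.path.lower().endswith("/editor.php"):
        return None
    # parse_qs percent-decodes once; decode a second time so that
    # double-encoded values (%253C...) are caught as well.
    for value in parse_qs(url.query, keep_blank_values=True).get("map_title", []):
        decoded = unquote_plus(value)
        if MARKUP_RE.search(value) or MARKUP_RE.search(decoded):
            return m.group("ip"), decoded
    return None


def scan(lines):
    """Collect every hit from an iterable of access-log lines."""
    return [hit for hit in map(suspicious_map_title, lines) if hit]


# Constructed sample lines: documentation IP ranges, placeholder path prefix.
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Mar/2018:10:00:01 +0000] "GET /example-path/editor.php?map_title=Core+network HTTP/1.1" 200 5120',
    '203.0.113.5 - - [21/Mar/2018:10:02:14 +0000] "GET /example-path/editor.php?map_title=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5301',
    '198.51.100.7 - - [21/Mar/2018:10:03:40 +0000] "GET /example-path/editor.php?map_title=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 5288',
    '192.0.2.44 - - [21/Mar/2018:10:05:02 +0000] "GET /example-path/index.php?map_title=%3Cb%3E HTTP/1.1" 404 312',
]

if __name__ == "__main__":
    for ip, title in scan(SAMPLE_LOG):
        print(f"{ip} sent markup in map_title: {title!r}")
```

Access logs normally record only the query string, so parameters sent in a POST body are not visible to this check; a hit is a prompt to confirm the installed Network Weathermap version is 0.97b or later.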