Datacenter and cloud security company Guardicore has reported that a botnet is running a thorough campaign to hack Microsoft SQL servers across the world and force them to mine the Monero and Vollar cryptocurrencies.
The campaign, named Vollgar, has been active since May 2018 and infects nearly 3,000 such machines on a daily basis. The report identifies China as the worst-hit country, with India, the United States, South Korea, and Turkey also affected. Guardicore stated, “During its two years of activity, the campaign’s attack flow has remained similar—thorough, well-planned, and noisy.”
How does it work?
As part of the campaign, the attackers aggressively claim ownership of the hijacked machines. The botnet breaks into a server by brute-forcing its login, changes a few settings so it can download malware, and then removes any way for the machine to run competing malware or anti-malware tools. Through this process the botnet keeps as much of the machine's capacity as possible for mining cryptocurrency.
This malicious botnet has affected servers across many sectors, including health care, aviation, IT, telecoms and education.
Guardicore has published a script on GitHub to help companies identify whether their servers are affected.
Monero is the cryptocurrency botnets most often choose; most of them use their infected machines to mine it. Recently, a security researcher came across a Monero-mining hub on a United States Department of Defense server. In 2019, the well-known Stantinko botnet was found to be using YouTube to deliver Monero-mining modules to the computers it had infected.