Ransomware attacker uses CoinMiner proxy to exploit multiple systems

June 8, 2024

TLDR:

Researchers discovered that a ransomware actor exploited the proxy server of a CoinMiner attacker, leading to a chain of cyberattacks involving compromised infrastructures. The CoinMiner group’s proxy server was exposed, allowing the ransomware actor to gain admin access and distribute ransomware throughout the botnet and network, highlighting a new trend in which threat actors target each other’s infrastructure for more effective attacks.

Hackers use proxy servers to hide their identity and to reach websites or networks that would otherwise be blocked.

The ransomware actor exploited the proxy server of a CoinMiner attacker, compromising the infrastructure and distributing ransomware throughout the network.

The attack demonstrated a new trend where threat actors target each other’s infrastructures for more effective cyberattacks.

Cybersecurity researchers at ASEC discovered that the ransomware actor exploited the proxy server of a CoinMiner attacker. The initial breach likely involved scanning for MS-SQL server administrator accounts and using xp_cmdshell to install a backdoor for downloading the CoinMiner malware. The ransomware actor then gained admin access via the proxy server and distributed ransomware throughout the botnet and network.
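The chain described above (brute-forcing MS-SQL administrator accounts, then enabling xp_cmdshell to stage a backdoor) leaves traces in the SQL Server error log. The following detection script is an added example written for this article, not code from ASEC or from the report; the log lines are constructed and only modelled on the SQL Server ERRORLOG message format, and the burst threshold and time window are assumed tuning values, not figures from the report.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines modelled on the SQL Server ERRORLOG format; they are
# not data from the report. They replay the chain the article describes: a burst
# of failed logins against 'sa' from one client, a success, then xp_cmdshell
# being switched on.
SAMPLE_LOG = """\
2024-06-08 10:00:01.23 Logon       Error: 18456, Severity: 14, State: 8.
2024-06-08 10:00:01.23 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2024-06-08 10:00:01.41 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2024-06-08 10:00:01.58 Logon       Login failed for user 'admin'. Reason: Could not find a login matching the name provided. [CLIENT: 203.0.113.5]
2024-06-08 10:00:01.77 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2024-06-08 10:00:02.02 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2024-06-08 10:00:02.30 Logon       Login succeeded for user 'sa'. Connection made using SQL Server authentication. [CLIENT: 203.0.113.5]
2024-06-08 10:00:05.11 spid57      Configuration option 'show advanced options' changed from 0 to 1. Run the RECONFIGURE statement to install.
2024-06-08 10:00:05.14 spid57      Configuration option 'xp_cmdshell' changed from 0 to 1. Run the RECONFIGURE statement to install.
2024-06-08 10:30:00.00 Logon       Login failed for user 'reporting'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.12]
"""

TS_FMT = "%Y-%m-%d %H:%M:%S.%f"

LOGIN_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+Logon\s+"
    r"Login (?P<outcome>failed|succeeded) for user '(?P<user>[^']*)'"
    r".*\[CLIENT: (?P<client>[^\]]+)\]"
)
CONFIG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<spid>\S+)\s+"
    r"Configuration option '(?P<option>[^']+)' changed from (?P<old>\d+) to (?P<new>\d+)"
)


def parse_events(text):
    """Turn raw ERRORLOG lines into login and configuration-change events."""
    events = []
    for line in text.splitlines():
        m = LOGIN_RE.match(line)
        if m:
            events.append({"kind": "login", "ts": datetime.strptime(m["ts"], TS_FMT),
                           "outcome": m["outcome"], "user": m["user"], "client": m["client"]})
            continue
        m = CONFIG_RE.match(line)
        if m:
            events.append({"kind": "config", "ts": datetime.strptime(m["ts"], TS_FMT),
                           "spid": m["spid"], "option": m["option"],
                           "old": int(m["old"]), "new": int(m["new"])})
    return events


def detect(events, threshold=4, window=timedelta(seconds=60)):
    """Return (rule, source, subject) findings; threshold and window are assumed tuning values."""
    findings = []
    recent_failures = defaultdict(list)  # client -> [(ts, user), ...] inside the window
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["kind"] == "login":
            bucket = recent_failures[ev["client"]]
            # slide the window forward before judging this event
            bucket[:] = [(t, u) for t, u in bucket if ev["ts"] - t <= window]
            if ev["outcome"] == "failed":
                bucket.append((ev["ts"], ev["user"]))
                if len(bucket) == threshold:  # fire once per burst, not on every extra failure
                    users = ", ".join(sorted({u for _, u in bucket}))
                    findings.append(("BRUTE_FORCE", ev["client"], users))
            elif len(bucket) >= threshold:
                # a success right after a burst of failures is the guessed-password signal
                findings.append(("SUCCESS_AFTER_BRUTE_FORCE", ev["client"], ev["user"]))
        elif (ev["kind"] == "config" and ev["option"] == "xp_cmdshell"
              and ev["old"] == 0 and ev["new"] == 1):
            # xp_cmdshell is off by default; turning it on is the step that lets the
            # backdoor be fetched and run from inside the SQL Server process
            findings.append(("XP_CMDSHELL_ENABLED", ev["spid"], ev["option"]))
    return findings


if __name__ == "__main__":
    for rule, source, subject in detect(parse_events(SAMPLE_LOG)):
        print(f"{rule:<26} source={source} subject={subject}")
```

Failed-login lines only appear in the error log when login auditing is set to record failures (the default) and successful logins only when it is set to record both, so the SUCCESS_AFTER_BRUTE_FORCE rule depends on that setting being enabled; the xp_cmdshell change message is written regardless.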

The CoinMiner group’s proxy server was exposed to an RDP scan attack launched by the ransomware actor, highlighting the risks of using compromised infrastructures for cyberattacks. Repeated access to the affected system through the proxy suggests that threat actors may intentionally target each other’s infrastructure for more effective attacks.
