Hackers Breach Over 50,000 Servers to Mine Crypto Using Sophisticated Tools

Hackers have breached more than 50,000 servers across the world to mine digital currencies employing uncommonly sophisticated tools, a new report stated.

Cybersecurity firm Guardicore Labs revealed on May 29 that the large-scale malware effort, called the “Nansh0u campaign,” has been running since February and has been infecting more than 700 new victims a day. The attack mainly targeted companies in the telecoms, healthcare, media, and IT industries.

Guardicore discovered 20 different malicious payloads in the malware over time, with new ones created “at least once a week” and deployed as soon as they were made. The package also installed a rootkit that prevented the removal of the malware.

The company said it reached out to the hosting provider of the attack servers and the rootkit certificate issuer.

“As a result, the attack servers were taken down and the certificate was revoked,” it stated.

The cybersecurity company stated that the attack employed sophisticated tools similar to those used by nation states, which suggests that elite digital weaponry is becoming increasingly available to ordinary hackers.

According to the company, the package was also written with Chinese-language tools and stored on Chinese-language servers.

Guardicore stated:

“The Nansh0u campaign is not a typical crypto-miner attack. It uses techniques often seen in APTs [advanced persistent threats] such as fake certificates and privilege escalation exploits. While advanced attack tools have normally been the property of highly skilled adversaries, this campaign shows that these tools can now easily fall into the hands of less than top-notch attackers.”

The company stated that the campaign shows that strong credentials are important in protecting the assets of companies.

“This campaign demonstrates once again that common passwords still comprise the weakest link in today’s attack flows. Seeing tens of thousands of servers compromised by a simple brute-force attack, we highly recommend that organizations protect their assets with strong credentials as well as network segmentation solutions,” the report said.
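The report's closing point is that the compromises began with simple password brute-forcing. The script below is an added example, not Guardicore's code and not part of the report: it shows the kind of detection logic a defender can run over authentication logs to spot a brute-force burst and, more importantly, a successful login that follows one. The log format and the sample lines are constructed for this example (the report does not describe any log format or the targeted service), so the parser would need to be adapted to a real log source.

```python
"""Brute-force login detection over authentication log lines.

Added example: a sliding-window detector that flags a source address
producing many failed logins in a short time, and raises a higher-severity
alert when a success arrives on the heels of such a burst (the pattern that
ends in a compromised server).
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format, not from the report):
# "<ISO timestamp> <service> <FAIL|OK> user=<name> src=<ip>"
SAMPLE_LOG = """\
2019-05-20T10:00:01 authsvc FAIL user=admin src=203.0.113.7
2019-05-20T10:00:02 authsvc FAIL user=admin src=203.0.113.7
2019-05-20T10:00:03 authsvc FAIL user=admin src=203.0.113.7
2019-05-20T10:00:04 authsvc FAIL user=admin src=203.0.113.7
2019-05-20T10:00:05 authsvc FAIL user=admin src=203.0.113.7
2019-05-20T10:00:06 authsvc FAIL user=admin src=203.0.113.7
2019-05-20T10:00:07 authsvc OK user=admin src=203.0.113.7
2019-05-20T10:05:00 authsvc FAIL user=admin src=198.51.100.4
2019-05-20T10:05:30 authsvc FAIL user=admin src=198.51.100.4
2019-05-20T11:30:00 authsvc OK user=alice src=192.0.2.10
this line is not in the expected format
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (FAIL|OK) user=(\S+) src=(\S+)$")


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, service, outcome, user, src = m.groups()
    return {
        "ts": datetime.fromisoformat(ts),
        "service": service,
        "ok": outcome == "OK",
        "user": user,
        "src": src,
    }


def detect_bruteforce(lines, threshold=5, window=timedelta(minutes=1)):
    """Return a list of alerts found in the given log lines.

    For each source address a deque holds the timestamps of failures that
    fall inside the trailing `window`. When the count reaches `threshold`
    a "medium" alert is raised (once per crossing). A successful login while
    the source still has `threshold` or more recent failures raises a
    "high" alert: a brute-force attempt that appears to have succeeded.
    """
    failures = defaultdict(deque)  # src -> timestamps of recent failures
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # unparseable lines are skipped, not treated as events
        recent = failures[ev["src"]]
        # Evict failures that have fallen out of the sliding window.
        while recent and ev["ts"] - recent[0] > window:
            recent.popleft()
        if not ev["ok"]:
            recent.append(ev["ts"])
            if len(recent) == threshold:
                alerts.append({"severity": "medium", "src": ev["src"],
                               "user": ev["user"], "failures": len(recent),
                               "at": ev["ts"]})
        elif len(recent) >= threshold:
            alerts.append({"severity": "high", "src": ev["src"],
                           "user": ev["user"], "failures": len(recent),
                           "at": ev["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print(f"[{alert['severity']}] {alert['src']} user={alert['user']} "
              f"failures={alert['failures']} at {alert['at'].isoformat()}")
```

On the constructed sample, the first source trips the medium alert on its fifth failure and the high alert when its login succeeds one second later; the second source stays under the threshold and produces nothing. The "high" case is the one worth paging on: it is the point at which credential hygiene has already failed and the segmentation the report recommends becomes the remaining control.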