Monero Hackers Turn Focus to Enterprise Networks

Monero’s prominence amongst hackers is beginning to grow, as new reports suggest that cryptojacking efforts with the asset have been on the upsurge. ZDNet reported yesterday that a group of hackers targeted thousands of enterprise computers to mine the privacy-focused digital asset.

Over 1,000 Networks Infected Already

Citing a report from cybersecurity firm Red Canary, ZDNet reported that Blue Mockingbird, a notable hacking group, has been pushing malware across thousands of enterprise systems. The hackers are reportedly targeting public-facing servers that run ASP.NET apps and use the Telerik as a crucial part of their user interface. 

The report explained that they’ve been able to find the CVE-2019-18935 vulnerability – a remote code execution flaw that allows them to plant web shells on victim servers. Once they gain access to the servers, they install XMRRig, a popular Monero mining application.

They also look for servers that are connected to the internal frameworks of their parent companies. If they find any, they can try pushing the malware on to all computers connected to the network and maximize mining capabilities.

“This threat, in particular, has affected a very small percentage of the organizations whose endpoints we monitor. However, we observed roughly 1,000 infections within those organizations, and over a short amount of time,” the cybersecurity firm said.

Monero is continuing to grow more popular amongst crypto and cybercriminals. With Bitcoin going more mainstream and losing its anonymity, Monero has provided a stable alternative. It’s a large-cap cryptocurrency on all rights, and it gives a higher degree of privacy than the top digital asset.

Since most exchanges provide easy Monero-to-Bitcoin conversions, hackers have shown a higher proclivity for the former.

European Universities Are Also at High Risk

Earlier this month, ZDNet also reported about the emergence of a string of supercomputer hacks, all with the purpose of mining Monero. The incidents reportedly happened across yGermans, Switzerland, and the United Kingdom. However, the news source also reported on an attack in a Spanish high-performance computer center. 

ZDNet confirmed that most of the attacks appeared to be centralized around universities and learning institutions. Some of the malware samples found were eventually taken to the Computer Security Incident Response Team, a pan-European supercomputer research association, as well as Cado Security – an American cybersecurity firm.

The latter explained that the hackers appeared to have stolen some SSH credentials belonging to university members in Poland, China, and Canada. Armed with these credentials, they were able to access supercomputer clusters and plant the malware.

“Once attackers gained access to a supercomputing node, they appear to have used an exploit for the CVE-2019-15666 vulnerability to gain root access and then deployed an application that mined the Monero cryptocurrency.” With security threats on the rise and hackers showing an affinity for Monero, it’s truly anyone’s guess how long this trial will go.