This analysis details a large cyber campaign that compromised over 50,000 Windows servers worldwide, primarily in the healthcare, telecommunications, media, and IT sectors. The campaign gained access through MS-SQL and phpMyAdmin servers and dropped payloads including crypto-miners and a kernel-mode rootkit. Notably, the attackers employed techniques typically associated with advanced persistent threats (APTs), such as fake certificates and privilege-escalation exploits (the tagged CVE-2014-4113 is a Windows win32k.sys local privilege-escalation flaw), suggesting that tooling previously reserved for elite adversaries is now more broadly available.
Author: AlienVault
Related Tags:
kernel rootkit
database servers
vulnerability exploitation
cve-2014-4113
Smominru
privilege escalation
T1489
T1548
T1484
Associated Indicators (SHA-256 file hashes):
61160793BB58203C29042D5348B6F96D3C4CEB79C2D0D82D7A022ED43A0DEC34
02EBDC1FF6075C15A44711CCD88BE9D6D1B47607FEA17BEF7E5E17F8DA35293E
8D47B08504DCF694928E12A6AA372E7FA65D0D6744429E808FF8E225AEFA5AF2
B9B6D6877E11DC90C9D9AC76C8D70A878A65F2F894B4908010ABF4E9B38940DC
E8BE61336323C2EFC612E101311913B945A5A3D2738DF92C4A62726DCE9EB705
B987DCC752D9CEB3B0E6CD4370C28567BE44B789E8ED8A90C41AA439437321C5
8E5C1840923633AF4DED41952420CC9DCD75AA376ABF38EC427173E25EA53648
D7EC3FCD80B3961E5BAB97015C91C843803BB915C13A4A35DFB5E9BDF556C6D3
350381C64073DA55023DB2796DE64DA7E53997B4A0EF76587B9F65F151DA9E39
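The indicators above are SHA-256 file hashes, so the most direct way to use them is a file sweep that hashes every regular file under a directory and reports matches. The script below is an added example, not code from the pulse or from AlienVault; the hash set is copied from the list above, and everything else (the function names, the streaming chunk size, the walk logic) is the editor's own choice. It hashes in chunks so large binaries do not have to be read into memory, skips symlinks and unreadable (e.g. locked) files instead of aborting, and compares case-insensitively because IOC feeds publish hex in both cases.

```python
import hashlib
import os
import sys
from pathlib import Path
from typing import Dict, Set

# SHA-256 file hashes copied from the indicator list on this pulse.
SMOMINRU_SHA256: Set[str] = {
    "61160793BB58203C29042D5348B6F96D3C4CEB79C2D0D82D7A022ED43A0DEC34",
    "02EBDC1FF6075C15A44711CCD88BE9D6D1B47607FEA17BEF7E5E17F8DA35293E",
    "8D47B08504DCF694928E12A6AA372E7FA65D0D6744429E808FF8E225AEFA5AF2",
    "B9B6D6877E11DC90C9D9AC76C8D70A878A65F2F894B4908010ABF4E9B38940DC",
    "E8BE61336323C2EFC612E101311913B945A5A3D2738DF92C4A62726DCE9EB705",
    "B987DCC752D9CEB3B0E6CD4370C28567BE44B789E8ED8A90C41AA439437321C5",
    "8E5C1840923633AF4DED41952420CC9DCD75AA376ABF38EC427173E25EA53648",
    "D7EC3FCD80B3961E5BAB97015C91C843803BB915C13A4A35DFB5E9BDF556C6D3",
    "350381C64073DA55023DB2796DE64DA7E53997B4A0EF76587B9F65F151DA9E39",
}


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Stream a file through SHA-256 in 1 MiB chunks; return upper-case hex."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def sweep(root: Path, iocs: Set[str] = SMOMINRU_SHA256) -> Dict[str, str]:
    """Walk `root` and return {path: sha256} for every regular file whose
    hash is in `iocs`. Comparison is case-insensitive; symlinks and files
    that cannot be opened (locked, permission denied) are skipped rather
    than aborting the whole sweep."""
    wanted = {h.upper() for h in iocs}
    hits: Dict[str, str] = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            try:
                digest = sha256_file(p)
            except OSError:
                continue  # unreadable file: skip, keep sweeping
            if digest in wanted:
                hits[str(p)] = digest
    return hits


if __name__ == "__main__":
    # Usage: python sweep.py <directory>
    target = Path(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, digest in sweep(target).items():
        print(f"HIT {digest} {path}")
```

A hit is strong confirmation that a known Smominru component is on disk, but the absence of hits clears nothing: a recompiled or repacked dropper changes every byte of the hash, so pair a hash sweep with the behavioural indicators (unexpected MS-SQL or phpMyAdmin logins, unsigned or oddly signed drivers, miner processes) rather than relying on it alone.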