Hacker group Blue Mockingbird has broken into thousands of corporate servers to install a hidden miner, ZDNet reports.
Red Canary's cybersecurity experts claim the hackers exploited the CVE-2019-18935 vulnerability to install a web shell on the attacked servers. They then used a version of the Juicy Potato technique to gain administrator-level access to the systems and install the XMRig program to mine Monero.
If the attackers gained access to a company's internal network, it is quite likely that other computers have also been infected.
Red Canary specialists have monitored about 1,000 server attacks; however, the total number of attacks may be a lot higher.
The CVE-2019-18935 vulnerability is considered very dangerous because hackers have already exploited it successfully several times. The only way to prevent this type of attack is to block exploitation of the vulnerability at the firewall level.
Analysts think Blue Mockingbird has been operational since December 2019.