Cyberscum target Microsoft SQL Server boxen – and some careless sysadmins were reinfected after cleaning it out (Security News, April 2020)

"The Vollgar attack chain also demonstrates the competitive nature of the attacker, who diligently and thoroughly kills other threat actors' processes," the firm said in a statement.
Lead researcher Ophir Harpaz said in a research report: "Overall, Vollgar attacks originated in more than 120 IP addresses, the vast majority of which are in China. These are most likely compromised machines, repurposed to scan and infect new victims."
Worse, around 10 per cent of the machines observed by Harpaz and her team were reinfected by Vollgar's operators, which suggests the boxes were cleaned without closing whatever let the attackers in the first time, and that sysadmins may not be taking routine infosec hygiene as seriously as they ought to.
Vollgar's two main payloads are cryptominers, which mint virtual currency on stolen compute, and remote-access tools that keep the operators in control of the machine.
Guardicore Labs is also providing a free PowerShell detection script to help administrators find Vollgar's tracks on infected machines, the outfit said.
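What a quick triage of a suspect SQL Server host looks like, as an added example that is not Guardicore's detection script and not code from the original article: it has no Vollgar signatures, only checks for the generic symptoms described above (the database engine spawning commands, an unfamiliar process burning CPU as a miner would, a non-SQL process holding a connection out to a controller as a RAT would, and a stream of failed SQL logins that shows the way in is still open). The service-name pattern, the "top 5" cut-off and the use of event ID 18456 (SQL Server's failed-login record in the Application log) are assumptions about a default install; run it in an elevated PowerShell session.

```powershell
# Added triage example (not Guardicore's script). Checks a Windows host running
# SQL Server for the generic symptoms in the article. Service-name pattern,
# thresholds and the 18456 event ID are assumptions about a default install.

# PIDs of running SQL Server engine services: the default instance is
# MSSQLSERVER, named instances are MSSQL$NAME.
$sqlPids = Get-CimInstance Win32_Service |
    Where-Object { $_.Name -match '^MSSQL(\$|SERVER$)' -and $_.State -eq 'Running' } |
    Select-Object -ExpandProperty ProcessId

$procs = Get-CimInstance Win32_Process

# 1. Child processes of the database engine. sqlservr.exe normally spawns
#    nothing, so cmd.exe / powershell.exe / ftp.exe beneath it means commands
#    were executed from inside SQL Server.
Write-Host '== Processes spawned by the SQL Server engine =='
$procs | Where-Object { $sqlPids -contains $_.ParentProcessId } |
    Select-Object ProcessId, Name, CommandLine | Format-Table -AutoSize -Wrap

# 2. Cryptominers burn CPU. Show the top consumers that are not the engine
#    itself; an unfamiliar image path here deserves a closer look.
Write-Host '== Top CPU consumers other than SQL Server =='
Get-Process | Where-Object { $sqlPids -notcontains $_.Id } |
    Sort-Object CPU -Descending |
    Select-Object -First 5 Id, Name, CPU, Path | Format-Table -AutoSize

# 3. Remote-access tools hold a session to their controller. List established
#    TCP connections owned by non-SQL processes together with the owning image.
Write-Host '== Established connections from non-SQL processes =='
Get-NetTCPConnection -State Established |
    Where-Object { $sqlPids -notcontains $_.OwningProcess } |
    ForEach-Object {
        $conn  = $_
        $owner = $procs | Where-Object { $_.ProcessId -eq $conn.OwningProcess }
        [pscustomobject]@{
            Pid    = $conn.OwningProcess
            Image  = $owner.Name
            Remote = "$($conn.RemoteAddress):$($conn.RemotePort)"
        }
    } | Format-Table -AutoSize

# 4. Reinfection usually means the door was never shut. SQL Server records
#    failed logins in the Application log as event 18456; a steady stream of
#    them from unknown addresses means password guessing is still under way
#    and the login (typically 'sa') or the exposed port needs dealing with.
Write-Host '== Recent failed SQL logins (event 18456) =='
Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 18456 } `
    -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message | Format-Table -AutoSize -Wrap
```

None of these four lists is proof of compromise on its own; they are the places a practitioner looks first, and the fourth one is the check that decides whether a cleaned box is about to join the 10 per cent that got reinfected.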