Security News > 2020 > April > Cyberscum target Microsoft SQL Server boxen – and some careless sysadmins were reinfected after cleaning it out
"The Vollgar attack chain also demonstrates the competitive nature of the attacker, who diligently and thoroughly kills other threat actors' processes," the firm said in a statement.
Lead researcher Ophir Harpaz said in a research report: "Overall, Vollgar attacks originated in more than 120 IP addresses, the vast majority of which are in China. These are most likely compromised machines, repurposed to scan and infect new victims."
Worse, around 10 per cent of the machines observed by Harpaz and her team were reinfected by Vollgar's operators - suggesting sysadmins may not be taking routine infosec hygiene as seriously as they perhaps ought to be.
Vollgar's two main attack methods are planting cryptominers to create virtual currency through stealing compute resources, and planting remote-access tools.
Guardicore Labs is also providing a free Powershell detection script aiding detection of Vollgar's tracks on infected machines, the outfit said.