Security News > 2020 > April > WARNING: Hackers Install Secret Backdoor on Thousands of Microsoft SQL Servers
Named "Vollgar" after the Vollar cryptocurrency it mines and its offensive "Vulgar" modus operandi, researchers at Guardicore Labs said the attack employs password brute-force to breach Microsoft SQL servers with weak credentials exposed to the Internet.
Researchers claim the attackers managed to successfully infect nearly 2,000-3,000 database servers daily over the past few weeks, with potential victims belonging to healthcare, aviation, IT & telecommunications, and higher education sectors across China, India, the US, South Korea, and Turkey.
Attack Infrastructure Hosted On Compromised Systems Guardicore said attackers held their entire infrastructure on compromised machines, including its primary command-and-control server located in China, which, ironically, was found compromised by more than one attack group.
Use Strong Passwords to Avoid Brute-Force Attacks With about half-a-million machines running MS-SQL database service, the campaign is yet another indication that attackers are going after poorly protected database servers in an attempt to siphon sensitive information.
"What makes these database servers appealing for attackers apart from their valuable CPU power is the huge amount of data they hold," Guardicore researchers concluded.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/AaO1rKvJ0qM/backdoor-.html
Related news
- A Hacker's Era: Why Microsoft 365 Protection Reigns Supreme (source)
- Critical Zimbra RCE flaw exploited to backdoor servers using emails (source)
- North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- Microsoft fixes Remote Desktop issues caused by Windows Server update (source)
- US, UK warn of Russian APT29 hackers targeting Zimbra, TeamCity servers (source)
- CISA: Hackers abuse F5 BIG-IP cookies to map internal servers (source)
- Microsoft deprecates PPTP and L2TP VPN protocols in Windows Server (source)
- Microsoft: Chinese hackers use Quad7 botnet to steal credentials (source)
- Microsoft confirms Windows Server 2025 blue screen, install issues (source)