Vollgar Campaign Targets MS-SQL Servers With Backdoors, Crypto-Miners
A recently uncovered attack campaign that has stayed under the radar since May 2018 has targeted Microsoft SQL servers with backdoors and crypto-miners, Guardicore Labs reveals.
Attacks begin with MS-SQL brute force login attempts and continue with a series of configuration changes to allow command execution.
All of the attacker's infrastructure was hosted on the compromised machine, including the MS-SQL attack tool for IP scanning, brute-force, and remote command execution.
Remote control capabilities of the discovered C&C platforms include file download, new Windows service installation, keylogging, screen capturing, camera and microphone activation, interactive shell terminal, distributed denial-of-service attacks, and more.
On the infected machines, the attackers deploy an initial payload to eliminate competitors and fetch additional payloads, including multiple RAT modules and an XMRig-based crypto-miner to mine for Monero and an alt-coin named VDS, or Vollar.
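The opening stages described above (a burst of failed MS-SQL logins followed by configuration changes that allow command execution) leave traces in the SQL Server error log. The following detection sketch is an added example, not code from Guardicore or from the original article; the log lines are constructed, and the list of options treated as risky is an assumption, since the article does not name the settings that were changed.

```python
import re
from collections import defaultdict
from datetime import timedelta, datetime

# Options that permit OS command or external code execution when enabled.
# Assumption: the article does not say which options the attackers changed.
RISKY_OPTIONS = {"xp_cmdshell", "Ole Automation Procedures", "clr enabled"}

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+\s+\S+\s+(.*)$")
FAILED = re.compile(r"Login failed for user '([^']*)'.*\[CLIENT: ([^\]]+)\]")
CONFIG = re.compile(r"Configuration option '([^']+)' changed from (\d+) to (\d+)")

# Constructed sample in the SQL Server ERRORLOG layout (not real data).
SAMPLE_LOG = """\
2020-04-01 09:58:00.10 Logon       Login failed for user 'app'. Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.20]
2020-04-01 10:00:01.10 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2020-04-01 10:00:02.10 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2020-04-01 10:00:03.10 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2020-04-01 10:00:04.10 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2020-04-01 10:00:05.10 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2020-04-01 10:00:06.10 Logon       Login succeeded for user 'sa'. Connection made using SQL Server authentication. [CLIENT: 203.0.113.7]
2020-04-01 10:00:08.00 spid55      Configuration option 'show advanced options' changed from 0 to 1. Run the RECONFIGURE statement to install.
2020-04-01 10:00:09.00 spid55      Configuration option 'xp_cmdshell' changed from 0 to 1. Run the RECONFIGURE statement to install.
"""

def analyze(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return (brute-force client IPs, risky options enabled after a burst)."""
    failures = defaultdict(list)  # client IP -> recent failed-login timestamps
    flagged = {}                  # client IP -> time the threshold was reached
    changes = []                  # (timestamp, option) enabled after a burst
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        if f := FAILED.search(m.group(2)):
            times = failures[f.group(2)]
            times.append(ts)
            # Keep only the failures that fall inside the sliding window.
            times[:] = [t for t in times if ts - t <= window]
            if len(times) >= threshold:
                flagged.setdefault(f.group(2), ts)
        elif c := CONFIG.search(m.group(2)):
            option, old, new = c.group(1), int(c.group(2)), int(c.group(3))
            # Config lines carry no client IP, so correlation is by time order.
            if option in RISKY_OPTIONS and old == 0 and new == 1 and flagged:
                changes.append((ts, option))
    return sorted(flagged), changes

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

Failed logins appear in the error log only when login auditing includes failed logins, so that setting should be checked before relying on this kind of rule.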