
SQL Server Malware Tied to Iranian Software Firm, Researchers Allege
2021-01-21 19:42

Researchers with Sophos have now tracked the origin of the campaign to what they say is a small software development company based in Iran.

"The name of an Iran-based software company was hardcoded into the miner's main configuration file," said researchers with Sophos in a Thursday analysis.

A Microsoft SQL Server process first launches a file called assm.
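The behaviour described above, a database service process starting a new executable, is the kind of parent/child relationship a detection rule can key on without depending on the dropped file's name (the article gives it only as "assm"). The following is an added example, not code from the Sophos report: it runs a small allow-list check over constructed process-creation events in the shape of parsed Sysmon EventID 1 / EDR records. The allow-list of benign children and the list of suspicious directories are assumptions for the example and must be tuned per environment.

```python
"""Flag executables launched by a Microsoft SQL Server service process.

Added example (not from the report). Keys on parent == sqlservr.exe rather
than on any specific dropped file name, so it also catches xp_cmdshell-style
command spawning and binaries run out of world-writable directories.
"""
import ntpath
from typing import Dict, Iterable, List, Optional

SQL_SERVER_IMAGE = "sqlservr.exe"

# Children SQL Server is commonly observed to start on its own. This allow-list
# is an assumption for the example; build yours from a baseline of real telemetry.
ALLOWED_CHILDREN = {"conhost.exe"}

# Directories from which a database service process should not be launching
# binaries (assumed list; lowercase, backslash-delimited substrings).
SUSPICIOUS_DIRS = ("\\windows\\temp\\", "\\users\\public\\", "\\programdata\\")

# Constructed sample events, not real telemetry. Field names mimic a parsed
# Sysmon process-creation record.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"host": "db01",
     "parent_image": r"C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe",
     "image": r"C:\Windows\System32\conhost.exe",
     "cmdline": "conhost.exe 0xffffffff -ForceV1"},
    {"host": "db01",
     "parent_image": r"C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c whoami"},                      # xp_cmdshell-style spawn
    {"host": "db01",
     "parent_image": r"C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe",
     "image": r"C:\Windows\Temp\dropper_sample.exe",      # constructed file name
     "cmdline": "dropper_sample.exe"},
    {"host": "ws07",
     "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe notes.txt"},                  # unrelated parent
]


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path (ntpath handles backslashes on any OS)."""
    return ntpath.basename(path).lower()


def classify(event: Dict[str, str]) -> Optional[str]:
    """Return a severity for a SQL Server child process, or None if not of interest."""
    if basename(event["parent_image"]) != SQL_SERVER_IMAGE:
        return None
    child = basename(event["image"])
    if child in ALLOWED_CHILDREN:
        return None
    if any(d in event["image"].lower() for d in SUSPICIOUS_DIRS):
        return "high"      # binary executed from a drop location
    if child in {"cmd.exe", "powershell.exe"}:
        return "medium"    # shell spawned by the database engine
    return "low"           # unexpected but not obviously bad; review baseline


def detect(events: Iterable[Dict[str, str]]) -> List[Dict[str, str]]:
    """Collect findings for every event that classify() rates."""
    findings = []
    for event in events:
        severity = classify(event)
        if severity is not None:
            findings.append({
                "host": event["host"],
                "severity": severity,
                "parent": basename(event["parent_image"]),
                "child": event["image"],
                "cmdline": event["cmdline"],
            })
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(f"[{finding['severity']}] {finding['host']}: "
              f"{finding['parent']} -> {finding['child']} ({finding['cmdline']})")
```

On the constructed sample the rule reports the cmd.exe spawn at medium and the Temp-directory binary at high, and stays quiet for conhost.exe and for the unrelated explorer.exe chain. In a real deployment the same logic maps directly onto a SIEM query over parent image and image fields.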

Researchers discovered a slew of records relating to the miner's configuration, its domains and its IP addresses that pointed to a single point of origin: a small software company based in Iran.

One giveaway was that the server used to host the campaign's payloads also hosted a domain belonging to a website tied to the software company.
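The overlap described above is a standard infrastructure pivot: take the hosts that serve the payloads, resolve them, and ask which other domains have been seen on the same addresses. The following is an added example, not the researchers' tooling, and every record in it is constructed: the payload URLs stand in for entries from a miner configuration, and the (domain, ip) table stands in for passive-DNS observations.

```python
"""Find domains co-hosted with payload-serving hosts. Added example with
constructed data; the real campaign's domains and IPs are not reproduced here.
"""
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple
from urllib.parse import urlparse

# Constructed payload URLs of the kind found in a miner's configuration.
PAYLOAD_URLS = [
    "http://payload-host.example/downloads/miner.zip",
    "http://cdn-mirror.example/static/update.bin",
]

# Constructed passive-DNS style observations (domain, ip). Documentation ranges only.
PDNS_RECORDS: List[Tuple[str, str]] = [
    ("payload-host.example", "203.0.113.10"),
    ("company-site.example", "203.0.113.10"),   # same box as the payload host
    ("cdn-mirror.example", "198.51.100.7"),
    ("unrelated.example", "192.0.2.44"),
]


def payload_hosts(urls: Iterable[str]) -> List[str]:
    """Extract unique hostnames from payload URLs, preserving first-seen order."""
    seen: List[str] = []
    for url in urls:
        host = urlparse(url).hostname
        if host and host not in seen:
            seen.append(host)
    return seen


def cohosted_domains(urls: Iterable[str],
                     records: Iterable[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Map each payload host to the other domains observed on any of its IPs."""
    ip_to_domains: Dict[str, set] = defaultdict(set)
    domain_to_ips: Dict[str, set] = defaultdict(set)
    for domain, ip in records:
        ip_to_domains[ip].add(domain)
        domain_to_ips[domain].add(ip)

    result: Dict[str, List[str]] = {}
    for host in payload_hosts(urls):
        neighbours = set()
        for ip in domain_to_ips.get(host, ()):
            neighbours |= ip_to_domains[ip]
        neighbours.discard(host)
        result[host] = sorted(neighbours)
    return result


if __name__ == "__main__":
    for host, others in cohosted_domains(PAYLOAD_URLS, PDNS_RECORDS).items():
        print(f"{host}: co-hosted with {others or 'nothing else observed'}")
```

Shared hosting alone is weak evidence, since a single IP can serve many unrelated tenants; the report treated it as one indicator among several (configuration strings, domains, IP addresses) rather than as proof on its own.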

While many attackers aim their cryptomining malware at computers in general, the researchers stressed that database servers are an attractive target because they run resource-intensive workloads and therefore offer substantial processing power.

News URL

https://threatpost.com/sql-server-malware-tied-to-iranian-software-firm-researchers-allege/163230/