Security News > 2021 > January > SQL Server Malware Tied to Iranian Software Firm, Researchers Allege
Now, researchers with Sophos have tracked the origin of the campaign to what they claim is a small software development company based in Iran.
"The name of an Iran-based software company was hardcoded into the miner's main configuration file," said researchers with Sophos in a Thursday analysis.
A Microsoft SQL server process first launches a file called assm.
Researchers discovered a slew of records relating to the miner's configuration, its domains and IP addresses that pointed to a single point of origin: an small software company based in Iran.
One give away was that the server utilized to host the payloads for the campaign also hosted a domain, which is a website tied to the software company.
While many attackers target computers with their cryptomining malware, researchers stressed that database servers are an attractive target for attackers because they are used for resource-intensive processes and thus contain potent processing capability.
News URL
https://threatpost.com/sql-server-malware-tied-to-iranian-software-firm-researchers-allege/163230/
Related news
- New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking (source)
- Researchers Uncover Hijack Loader Malware Using Stolen Code-Signing Certificates (source)
- Perfctl malware strikes again as crypto-crooks target Docker Remote API servers (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)