Security News > 2022 > February > Vulnerable Microsoft SQL Servers targeted with Cobalt Strike

Vulnerable Microsoft SQL Servers targeted with Cobalt Strike
2022-02-22 18:08

Threat analysts have observed a new wave of attacks installing Cobalt Strike beacons on vulnerable Microsoft SQL Servers, leading to deeper infiltration and subsequent malware infections.

The attacks start with threat actors scanning for servers with an open TCP port 1433, which are likely public-facing MS-SQL servers.

The attacker then carries out brute-forcing and dictionary attacks to crack the password.

Once the attacker gains access to the admin account and logs into the server, the ASEC researchers have seen them drop coin-miners such as Lemon Duck, KingMiner, and Vollgar.

It's now used by Squirrelwaffle, Emotet, malware operators, opportunistic attacks, Linux-targeting groups, sophisticated adversaries, and commonly by ransomware gangs when conducting attacks.

AhnLab's data shows that all the download URLs and C2 server URLs that supported the recent attack wave point to the same attacker.


News URL

https://www.bleepingcomputer.com/news/security/vulnerable-microsoft-sql-servers-targeted-with-cobalt-strike/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 365 50 1369 2819 161 4399