Security News > 2022 > March > Unsecured Microsoft SQL, MySQL servers hit by Gh0stCringe malware
Hackers target poorly secured Microsoft SQL and MySQL database servers to deploy the Gh0stCringe remote access trojans on vulnerable devices.
In a new report today by cybersecurity firm AhnLab, researchers outline how the threat actors behind GhostCringe are targeting poorly secured database servers with weak account credentials and no oversight.
These attacks are similar to the Microsoft SQL server attacks we reported last February, which dropped Cobalt Strike beacons using the Microsoft SQL xp cmdshell command.
In addition to Gh0stCringe, AhnLab's report mentions the presence of multiple malware samples on the examined servers, indicating competing threat actors are breaching the same servers to drop payloads for their own campaigns.
Gh0stCringe RAT is a powerful malware that establishes a connection with the C2 server to receive custom commands or exfiltrate stolen information to the adversaries.
The malware will also monitor the keypresses for the last three minutes and send them with basic system and network information to the malware's command and control servers.
News URL
Related news
- Microsoft 365 apps crash on Windows Server after Office update (source)
- Microsoft fixes Office 365 apps crashing on Windows Server systems (source)
- Microsoft fixes Windows Server 2022 bug breaking device boot (source)
- Microsoft issues out-of-band fix for Windows Server 2022 NUMA glitch (source)
- Microsoft: Outdated Exchange servers fail to auto-mitigate security bugs (source)
- New Microsoft script updates Windows media with bootkit malware fixes (source)
- Microsoft says attackers use exposed ASP.NET keys to deploy malware (source)
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)
- DragonRank Exploits IIS Servers with BadIIS Malware for SEO Fraud and Gambling Redirects (source)
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux (source)