Security News > 2022 > March > Unsecured Microsoft SQL, MySQL servers hit by Gh0stCringe malware
Hackers target poorly secured Microsoft SQL and MySQL database servers to deploy the Gh0stCringe remote access trojans on vulnerable devices.
In a new report today by cybersecurity firm AhnLab, researchers outline how the threat actors behind GhostCringe are targeting poorly secured database servers with weak account credentials and no oversight.
These attacks are similar to the Microsoft SQL server attacks we reported last February, which dropped Cobalt Strike beacons using the Microsoft SQL xp cmdshell command.
In addition to Gh0stCringe, AhnLab's report mentions the presence of multiple malware samples on the examined servers, indicating competing threat actors are breaching the same servers to drop payloads for their own campaigns.
Gh0stCringe RAT is a powerful malware that establishes a connection with the C2 server to receive custom commands or exfiltrate stolen information to the adversaries.
The malware will also monitor the keypresses for the last three minutes and send them with basic system and network information to the malware's command and control servers.
News URL
Related news
- Microsoft confirms Windows Server 2025 blue screen, install issues (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Microsoft blames Windows Server 2025 automatic upgrades on 3rd-party tools (source)
- Microsoft fixes bugs causing Windows Server 2025 blue screens, install issues (source)
- Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware (source)