
Unsecured Microsoft SQL, MySQL servers hit by Gh0stCringe malware
2022-03-16 21:53

Hackers target poorly secured Microsoft SQL and MySQL database servers to deploy the Gh0stCringe remote access trojan on vulnerable devices.

In a new report today by cybersecurity firm AhnLab, researchers outline how the threat actors behind Gh0stCringe are targeting poorly secured database servers with weak account credentials and no oversight.

These attacks are similar to the Microsoft SQL server attacks we reported last February, which dropped Cobalt Strike beacons using the Microsoft SQL xp_cmdshell command.

In addition to Gh0stCringe, AhnLab's report mentions the presence of multiple malware samples on the examined servers, indicating competing threat actors are breaching the same servers to drop payloads for their own campaigns.

Gh0stCringe RAT is powerful malware that establishes a connection with the C2 server to receive custom commands or exfiltrate stolen information to the adversaries.

The malware will also monitor the keypresses for the last three minutes and send them with basic system and network information to the malware's command and control servers.


News URL

https://www.bleepingcomputer.com/news/security/unsecured-microsoft-sql-mysql-servers-hit-by-gh0stcringe-malware/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 480 75 2308 5127 264 7774