Sysrv-K Botnet Targets Windows, Linux
2022-05-17 13:53

Unpatched vulnerabilities in the Spring Framework and WordPress plugins are being exploited by cybercriminals behind the Sysrv botnet to target Linux and Windows systems.

Microsoft Security Intelligence researchers are calling the botnet variant Sysrv-K and posted a thread on Twitter revealing details of it.

"These vulnerabilities, which have all been addressed by security updates, include old vulnerabilities in WordPress plugins, as well as newer vulnerabilities like CVE-2022-22947. Once running on a device, Sysrv-K deploys a cryptocurrency miner," said Microsoft Security Intelligence in a tweet.

We encountered a new variant of the Sysrv botnet, known for exploiting vulnerabilities in web apps and databases to install coin miners on both Windows and Linux systems.

Microsoft advised organizations to secure internet-facing Linux or Windows systems, apply security updates promptly, and protect credentials.

"Microsoft Defender for Endpoint detects Sysrv-K and older Sysrv variants, as well as related behavior and payloads," they added.


News URL

https://threatpost.com/sysrv-k-botnet-targets-windows-linux/179646/

Related Vulnerability

DATE: 2022-03-03
CVE: CVE-2022-22947
VULNERABILITY TITLE: Expression Language Injection vulnerability in multiple products
DESCRIPTION: In Spring Cloud Gateway versions prior to 3.1.1+ and 3.0.7+, applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured.
ATTACK VECTOR: network
ATTACK COMPLEXITY: low
VENDORS: vmware, oracle
CWE: CWE-917
RISK: critical (10.0)
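
The three conditions in the CVE-2022-22947 description above (vulnerable version, Gateway Actuator endpoint enabled and exposed, endpoint unsecured) can be checked against a deployment's configuration. The following is an added example, not code from Microsoft, Threatpost or the Spring project. It assumes an application.properties file in key=value form and the Spring defaults for the gateway endpoint (enabled, only health exposed over HTTP). The sample configs are constructed, and `actuator_requires_auth` is a hypothetical operator-supplied flag because authentication cannot be read from these properties.

```python
import re

FIXED_30, FIXED_31 = (3, 0, 7), (3, 1, 1)  # fixed releases named on this page

# Constructed sample configs: the weak setting beside the corrected one.
WEAK = "management.endpoints.web.exposure.include=health,gateway\n"
HARDENED = ("management.endpoint.gateway.enabled=false\n"
            "management.endpoints.web.exposure.include=health\n")

def parse_properties(text):
    """Parse key=value lines, skipping blanks and comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")):
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def version_is_vulnerable(version):
    """True for releases older than 3.0.7, or 3.1.x older than 3.1.1."""
    v = tuple(int(p) for p in re.findall(r"\d+", version)[:3])
    v += (0,) * (3 - len(v))
    return v < FIXED_30 or (3, 1, 0) <= v < FIXED_31

def csv_set(props, key, default):
    """Read a comma-separated property as a set of endpoint ids."""
    return {e.strip() for e in props.get(key, default).split(",") if e.strip()}

def gateway_actuator_exposed(props):
    """True when the gateway actuator endpoint is enabled and exposed over HTTP."""
    enabled = props.get("management.endpoint.gateway.enabled", "true").lower() != "false"
    include = csv_set(props, "management.endpoints.web.exposure.include", "health")
    exclude = csv_set(props, "management.endpoints.web.exposure.exclude", "")
    hit = {"gateway", "*"}
    return enabled and bool(hit & include) and not (hit & exclude)

def assess(version, properties_text, actuator_requires_auth):
    """Classify one deployment against the three conditions in the description."""
    if not version_is_vulnerable(version):
        return "patched"
    if not gateway_actuator_exposed(parse_properties(properties_text)):
        return "vulnerable version, actuator not exposed: upgrade"
    if actuator_requires_auth:
        return "vulnerable version, actuator exposed behind auth: upgrade"
    return "AFFECTED: upgrade or set management.endpoint.gateway.enabled=false"
```
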

Related vendor

VENDOR: Linux
#/PRODUCTS: 17
LOW: 376
MEDIUM: 2474
HIGH: 1533
CRITICAL: 666
TOTAL VULNS: 5049