Security News > 2022 > May > Sysrv-K Botnet Targets Windows, Linux
Unpatched vulnerabilities in the Spring Framework and WordPress plugins are being exploited by cybercriminals behind the Sysrv botnet to target Linux and Windows systems.
The botnet variant is being called Sysrv-K by Microsoft Security Intelligence researchers that posted a thread on Twitter revealing details of the botnet variant.
"These vulnerabilities, which have all been addressed by security updates, include old vulnerabilities in WordPress plugins, as well as newer vulnerabilities like CVE-2022-22947. Once running on a device, Sysrv-K deploys a cryptocurrency miner," said Microsoft Security Intelligence in a tweet.
We encountered a new variant of the Sysrv botnet, known for exploiting vulnerabilities in web apps and databases to install coin miners on both Windows and Linux systems.
Microsoft advised the organizations to secure internet-facing Linux or Windows systems, timely apply security updates, and protect credentials.
"Microsoft Defender for Endpoint detects Sysrv-K and older Sysrv variants, as well as related behavior and payloads," they added.
News URL
https://threatpost.com/sysrv-k-botnet-targets-windows-linux/179646/
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-03 | CVE-2022-22947 | Expression Language Injection vulnerability in multiple products In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. | 10.0 |