Security News > 2024 > July > Hackers attack HFS servers to drop malware and Monero miners
Hackers are targeting older versions of the HTTP File Server from Rejetto to drop malware and cryptocurrency mining software.
The researchers say that during the attacks the hackers collect information about the system, install backdoors and various other types of malware.
In many cases, the attackers terminate the HFS process after they add a new user to the administrators' group, to prevent other threat actors from using it.
AhnLab researchers note that they keep detecting attacks on version 2.3m of HFS. Because the server needs to be exposed online for the file sharing to be possible, hackers will like continue looking for vulnerable versions to attack.
The company provides a set of indicators of compromise in the report, which include hashes for the malware installed on breached systems, IP addresses for attacker command and control servers, and the download URLs for the malware used in the attacks.
Microsoft fixes Windows zero-day exploited in QakBot malware attacks.
News URL
Related news
- Hackers Use MS Excel Macro to Launch Multi-Stage Malware Attack in Ukraine (source)
- Pakistani Hackers Use DISGOMOJI Malware in Indian Government Cyber Attacks (source)
- Ebury botnet malware infected 400,000 Linux servers since 2009 (source)
- Microsoft fixes Windows zero-day exploited in QakBot malware attacks (source)
- Ebury Botnet Malware Compromises 400,000 Linux Servers Over Past 14 Years (source)
- Kimsuky hackers deploy new Linux backdoor in attacks on South Korea (source)
- North Korean Hackers Exploit Facebook Messenger in Targeted Malware Campaign (source)
- Russian hackers use new Lunar malware to breach a European govt's agencies (source)
- Foxit PDF Reader Flaw Exploited by Hackers to Deliver Diverse Malware Arsenal (source)
- Iranian MOIS-Linked Hackers Behind Destructive Attacks on Albania and Israel (source)