Security News > 2024 > July > Hackers attack HFS servers to drop malware and Monero miners
Hackers are targeting older versions of the HTTP File Server from Rejetto to drop malware and cryptocurrency mining software.
The researchers say that during the attacks the hackers collect information about the system, install backdoors and various other types of malware.
In many cases, the attackers terminate the HFS process after they add a new user to the administrators' group, to prevent other threat actors from using it.
AhnLab researchers note that they keep detecting attacks on version 2.3m of HFS. Because the server needs to be exposed online for the file sharing to be possible, hackers will like continue looking for vulnerable versions to attack.
The company provides a set of indicators of compromise in the report, which include hashes for the malware installed on breached systems, IP addresses for attacker command and control servers, and the download URLs for the malware used in the attacks.
Microsoft fixes Windows zero-day exploited in QakBot malware attacks.
News URL
Related news
- Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware (source)
- New IOCONTROL malware used in critical infrastructure attacks (source)
- 390,000 WordPress accounts stolen from hackers in supply chain attack (source)
- FBI spots HiatusRAT malware attacks targeting web cameras, DVRs (source)
- Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection (source)
- Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks (source)
- APT29 Hackers Target High-Value Victims Using Rogue RDP Servers and PyRDP (source)
- Russian hackers use RDP proxies to steal data in MiTM attacks (source)
- Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack (source)
- Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks (source)