Security News > 2024 > July > Hackers attack HFS servers to drop malware and Monero miners
Hackers are targeting older versions of the HTTP File Server from Rejetto to drop malware and cryptocurrency mining software.
The researchers say that during the attacks the hackers collect information about the system, install backdoors and various other types of malware.
In many cases, the attackers terminate the HFS process after they add a new user to the administrators' group, to prevent other threat actors from using it.
AhnLab researchers note that they keep detecting attacks on version 2.3m of HFS. Because the server needs to be exposed online for the file sharing to be possible, hackers will like continue looking for vulnerable versions to attack.
The company provides a set of indicators of compromise in the report, which include hashes for the malware installed on breached systems, IP addresses for attacker command and control servers, and the download URLs for the malware used in the attacks.
Microsoft fixes Windows zero-day exploited in QakBot malware attacks.
News URL
Related news
- Chinese FamousSparrow hackers deploy upgraded malware in attacks (source)
- Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery (source)
- Chinese hackers behind attacks targeting SAP NetWeaver servers (source)
- Hackers Repurpose RansomHub's EDRKillShifter in Medusa, BianLian, and Play Attacks (source)
- North Korean hackers adopt ClickFix attacks to target crypto firms (source)
- Outlaw Group Uses SSH Brute-Force to Deploy Cryptojacking Malware on Linux Servers (source)
- Open-source malware doubles, data exfiltration attacks dominate (source)
- Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware (source)
- OPSEC Failure Exposes Coquettte’s Malware Campaigns on Bulletproof Hosting Servers (source)
- North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages (source)