Cryptomining Campaign Exploiting Grid Services

216.73.217.22

Cryptomining Campaign Exploiting Grid Services

· Published 30/07/2024 15:45 · Modified 30/07/2024 16:30

Essential information

Published: 30/07/2024 15:45
Modified: 30/07/2024 16:30
Tags: 2024-07-30 cryptomining grid selenium threat webdriver xmrig
Related entities: 14 observables, 7 techniques (mitre), 1 malware

Description

Wiz researchers discovered an ongoing threat campaign, dubbed 'SeleniumGreed', that exploits exposed Selenium Grid services for cryptomining. The campaign targets publicly accessible instances of Selenium Grid, an integral component of the widely used Selenium testing framework. By leveraging features of Selenium WebDriver API, the threat actor executes remote commands, deploys a modified XMRig miner, and employs various techniques to evade detection and maximize mining efforts.

External references

https://www.wiz.io/blog/seleniumgreed-cryptomining-exploit-attack-flow-remediation-steps
https://otx.alienvault.com/pulse/66a90a8245015353a8875aa7