Infostealer Campaign against ISPs
Essential information
- Published: 11/03/2025 14:14
- Modified: 11/03/2025 16:53
- Tags: 2025-03-11, brute-force, cryptomining, infostealer, persistence, scripting
- Related entities: 18 techniques (MITRE), 5 malware, 3 others
Description
A campaign targeting ISP infrastructure providers on the West Coast of the United States and in China has been identified. The attackers, operating from Eastern Europe, use simple tools to abuse victims' computing power for cryptomining and to steal credentials. Initial access is gained through brute-force attacks against weak credentials. The malware's functions include data exfiltration, deployment of additional crimeware, self-termination to avoid detection, establishing persistence, disabling remote access, and pivoting attacks into targeted CIDRs. The actors keep intrusive operations to a minimum, relying on scripting languages and API calls for C2 operations. The campaign specifically targets ISP infrastructure, most likely for cryptomining.
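Because the initial access described above is password brute-forcing, the signal a defender most wants from authentication logs is a burst of failures from one source followed by an accepted login from the same source. The script below is an added example, not part of this report or any tool it references; the sshd log lines, thresholds and addresses it uses are constructed.

```python
# Added example (not from the report): flag brute-force logins that end in a
# success, the initial-access pattern the description attributes to this
# campaign. Log lines, addresses and thresholds below are constructed.
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+)"
)

SAMPLE_LOG = """\
2025-03-11T14:00:01 sshd[101]: Failed password for invalid user admin from 203.0.113.10 port 51111 ssh2
2025-03-11T14:00:03 sshd[102]: Failed password for root from 203.0.113.10 port 51112 ssh2
2025-03-11T14:00:05 sshd[103]: Failed password for root from 203.0.113.10 port 51113 ssh2
2025-03-11T14:00:07 sshd[104]: Failed password for root from 203.0.113.10 port 51114 ssh2
2025-03-11T14:00:09 sshd[105]: Failed password for root from 203.0.113.10 port 51115 ssh2
2025-03-11T14:00:12 sshd[106]: Accepted password for root from 203.0.113.10 port 51116 ssh2
2025-03-11T14:05:00 sshd[107]: Failed password for alice from 198.51.100.7 port 40000 ssh2
2025-03-11T14:05:30 sshd[108]: Accepted password for alice from 198.51.100.7 port 40001 ssh2
"""

def find_brute_force_successes(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return {src: (failure_count, user)} for each source that accumulated at
    least `threshold` failed password attempts within `window` and then
    obtained an accepted login; a single typo before a success is ignored."""
    failures = defaultdict(list)   # src -> timestamps of failed attempts
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                # unrelated sshd or syslog line
        ts = datetime.fromisoformat(m["ts"])
        src = m["src"]
        if m["result"] == "Failed":
            failures[src].append(ts)
            continue
        # Accepted login: count failures from this source inside the window
        recent = [t for t in failures[src] if ts - t <= window]
        if len(recent) >= threshold:
            hits[src] = (len(recent), m["user"])
    return hits

if __name__ == "__main__":
    for src, (n, user) in find_brute_force_successes(SAMPLE_LOG).items():
        print(f"{src}: {n} failures then accepted login as {user}")
```

On the constructed log only 203.0.113.10 is flagged; the single failure from 198.51.100.7 stays below the threshold, which keeps ordinary mistyped passwords out of the alert stream.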