The Nanshou Campaign - Hackers' Arsenal Grows Stronger

Published 16/09/2024 10:26 · Modified 16/09/2024 10:58

Essential information

Published
16/09/2024 10:26
Modified
16/09/2024 10:58
Tags
2024-09-16, CVE-2014-4113, crypto-miner, database servers, kernel rootkit, privilege-escalation, smominru, vulnerability exploitation
Related entities
1 vulnerability (CVE), 28 observables, 13 techniques (MITRE), 1 malware, 4 others

Description

This analysis details a cyber campaign that targeted over 50,000 Windows servers worldwide, primarily in the healthcare, telecommunications, media, and IT sectors. The campaign exploited vulnerabilities in MS-SQL and phpMyAdmin servers to drop payloads including crypto-miners and kernel rootkits. Notably, the attackers used techniques usually associated with advanced persistent threats (APTs), such as fake certificates and privilege-escalation exploits, suggesting that tools once reserved for elite adversaries are now more broadly available.

External references