Threat Actors' Systems Can Also Be Exposed and Used by Other Threat Actors
Essential information
- Published
- 06/06/2024 07:22
- Modified
- 06/06/2024 08:06
- Tags
- 2024-06-06 backdoor.oldrea botnet coinminer havex phobos proxy ransomware rdp
- Related entities
- 34 observables, 11 techniques (mitre), 5 malware
Description
This report discusses a case where a CoinMiner threat actor's proxy server, used to access an infected botnet, became the target of a ransomware threat actor's Remote Desktop Protocol (RDP) scan attack. The ransomware threat actor successfully breached the proxy server and distributed ransomware to the CoinMiner's botnet. The report analyzes the sequence of events and explores the possibility of the attack being intentional or accidental.