Microsoft SQL servers worldwide subjected to Mimic ransomware attacks
Misconfigured Microsoft SQL database servers in the U.S., Latin America, and the European Union have been targeted by a Turkish hacking operation with Mimic ransomware, also known as N3ww4v3, as part of the RE#TURGENCE attack campaign, reports BleepingComputer.
Brute-force attacks were used to compromise the internet-exposed MSSQL servers, after which the attackers abused the system-stored xp_cmdshell procedure for privilege escalation and injected a Cobalt Strike payload into the SndVol.exe process, a report from the Securonix Threat Research team revealed. The threat actors then used Mimikatz and the Advanced Port Scanner utility to steal clear-text credentials, locate other network devices and compromise domain controllers, before installing AnyDesk to distribute the Mimic ransomware.
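Two of the early signals in the chain described above show up in SQL Server's own ERRORLOG: bursts of failed logins from a single client address during the brute-force phase, and the configuration-change message written when xp_cmdshell is switched on. The following is an added example, not code from the article or from Securonix, that runs over a handful of constructed ERRORLOG-style lines (the timestamps, IP addresses and login names are invented) and flags both conditions; the threshold and time window are assumptions to tune per environment.

```python
"""Added example (not from the article or Securonix): flag two RE#TURGENCE-style
signals in SQL Server ERRORLOG text: (1) password brute-forcing, seen as many
'Login failed for user' events from one client IP inside a short window, and
(2) xp_cmdshell being enabled, logged as a configuration option change."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the shape SQL Server writes to ERRORLOG.
# Hosts, addresses and timing are made up for illustration.
SAMPLE_LOG = """\
2024-01-08 10:00:01.12 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-01-08 10:00:01.34 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-01-08 10:00:01.51 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-01-08 10:00:01.77 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-01-08 10:00:02.02 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-01-08 10:00:02.20 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-01-08 10:00:02.45 Logon       Login failed for user 'reporting'. Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.9]
2024-01-08 10:00:02.90 spid55      Configuration option 'xp_cmdshell' changed from 0 to 1. Run the RECONFIGURE statement to install.
"""

# Failed-login line: timestamp, the 'Logon' source column, login name, client IP.
LOGIN_FAIL = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+Logon\s+"
    r"Login failed for user '(?P<user>[^']*)'.*\[CLIENT: (?P<ip>[^\]]+)\]"
)
# Message written when sp_configure turns xp_cmdshell on (value 0 -> 1).
XP_CMDSHELL_ON = re.compile(r"Configuration option 'xp_cmdshell' changed from 0 to 1")


def brute_force_candidates(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {client_ip: peak failures within any `window`} for IPs whose peak
    reaches `threshold`. Threshold/window are illustrative assumptions."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        m = LOGIN_FAIL.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
            failures[m.group("ip")].append(ts)

    alerts = {}
    for ip, stamps in failures.items():
        stamps.sort()
        peak, start = 0, 0
        # Sliding window: count the densest run of failures per source address.
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts[ip] = peak
    return alerts


def xp_cmdshell_enabled_events(log_text):
    """Return the log lines that record xp_cmdshell being enabled."""
    return [line for line in log_text.splitlines() if XP_CMDSHELL_ON.search(line)]


def analyze(log_text):
    """Combine both checks into one findings dict for a SIEM or a quick triage."""
    return {
        "brute_force": brute_force_candidates(log_text),
        "xp_cmdshell_enabled": xp_cmdshell_enabled_events(log_text),
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample, the six rapid failures from 203.0.113.7 trip the brute-force check while the single typo-style failure from 198.51.100.9 does not, and the xp_cmdshell change is reported on its own line. In a real deployment the same two events are also available through SQL Server audit and Windows event logging, which are harder for an attacker with only database-level access to tamper with.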
"The analyzed threat campaign appears to end in one of two ways, either the selling of 'access' to the compromised host, or the ultimate delivery of ransomware payloads. The timeline for the events was about one month from initial access to the deployment of MIMIC ransomware on the victim domain," said researchers.