Hex-Men Trio using compromised SQL servers to conduct mining, DDoS attacks

on December 20, 2017

A series of cyber campaigns, jointly known as the Hex-Men Trio, that specifically target SQL servers in order to use them to conduct additional attacks has been identified by Guardicore Labs.

The three variants, Hex, Taylor and Hanako, first appeared in March 2017 on Guardicore’s sensor network and now conduct thousands of attacks per day targeting MS SQL Server and MySQL services, Guardicore reported. Once ensconced on a compromised server, the attackers put the computer to work conducting cryptocurrency mining operations and DDoS attacks and implanting thousands of Remote Access Trojans.

“So far, we were able to identify three different campaigns launched from this infrastructure. The campaigns differ mostly in target goals. While Hex focuses on installing cryptocurrency miners and remote access trojans and Taylor installs a keylogger and a backdoor, Hanako uses its victims to build a DDoS botnet. So far, we have monitored hundreds of Hex and Hanako attacks and tens of thousands of Taylor attacks each month,” Guardicore said.

Guardicore believes a Chinese crime group is behind the attacks.

China has borne the brunt of the attacks, with the United States, Thailand and Japan being the next favored targets. To help stay undetected, each attack targets only a few IPs, and each compromised server is used for only about a month before being retired.

The best defense against the Hex-Men Trio is to keep security up to date by installing patches and to keep to a minimum the number of machines that have access to a database.

Source: https://www.scmagazine.com/hex-men-trio-using-compromised-sql-servers-to-conduct-mining-ddos-attacks/article/719523/
