DOSarrest Vulnerability Testing and Optimization
Hex-Men Trio using compromised SQL servers to conduct mining, DDoS attacks

Posted on December 20, 2017

A series of cyber campaigns, jointly known as the Hex-Men Trio, that specifically target SQL servers in order to use them to conduct additional attacks has been identified by Guardicore Labs.

The three variants, Hex, Taylor and Hanako, first appeared in March 2017 on Guardicore’s sensor network and now conduct thousands of attacks per day targeting MS SQL Server and MySQL services, Guardicore reported. Once ensconced on a compromised server, the attackers put the computer to work conducting cryptocurrency mining operations and DDoS attacks and implanting thousands of Remote Access Trojans.

“So far, we were able to identify three different campaigns launched from this infrastructure. The campaigns differ mostly in target goals. While Hex focuses on installing cryptocurrency miners and remote access trojans and Taylor installs a keylogger and a backdoor, Hanako uses its victims to build a DDoS botnet. So far, we have monitored hundreds of Hex and Hanako attacks and tens of thousands of Taylor attacks each month,” Guardicore said.

Guardicore believes a Chinese crime group is behind the attacks.

China has borne the brunt of the attacks, with the United States, Thailand and Japan being the next favored targets. To help stay undetected, each attack targets only a few IPs, and each compromised server is used for only about a month before being retired.

The best defense against the Hex-Men Trio is to keep security up to date by installing patches and to keep to a minimum the number of machines that have access to a database.

Source: https://www.scmagazine.com/hex-men-trio-using-compromised-sql-servers-to-conduct-mining-ddos-attacks/article/719523/
