Researchers have uncovered an ongoing cryptojacking campaign in which attackers use NSA hacking tools to compromise vulnerable computers of businesses across the globe.
What are the NSA hacking tools used in this campaign?
Although Microsoft has patched the Windows security flaws that these tools exploit, many computers remain unpatched and vulnerable to such attacks.
Who are the targets?
This cryptojacking campaign targets organizations with unpatched systems across the world, with China being the most targeted country, followed by India, Vietnam, Thailand, and Indonesia, among others.
More details on the campaign
Researchers from Trend Micro found that the compromised machines targeted in this campaign are part of organizations’ internal network systems, and that the attackers are using the ‘Shotgun’ attack method to compromise the machines.
Researchers observed almost 80 variants of the XMRig Monero miner, which were detected as either Coinminer.Win32.MALXMR.SMBM4 or Coinminer.Win64.TOOLXMR.SMA.
“Since we began tracking it in March 2019, we found more than 80 different files in the wild that are involved in the campaign based on their hashes. All these files are variants of the open-source XMRig (Monero) miner, which is used at scale by numerous cybercriminals worldwide. These variants are detected as either Coinminer.Win32.MALXMR.SMBM4 or Coinminer.Win64.TOOLXMR.SMA,” researchers said in a blog.