Web-based DNA sequencer applications are under attack from a mysterious hacker group using a still-unpatched zero-day to take control of targeted devices. Anubhav says the group, which operates from an Iran-based IP address, has been scanning the internet for dnaLIMS, a web-based application installed by companies and research institutes to handle DNA sequencing operations. Anubhav says the attackers are using this vulnerability to plant shells that allow them to control the underlying web server from remote locations. In the first, the attacker may be looking to exfiltrate hashes of DNA sequences from the application's database. Second, and the most plausible scenario, is that the attackers might be using the infected servers as part of a botnet, or using the shell to plant cryptocurrency miners on the hijacked systems. "This particular attack may not be useful for a script kiddie or a botnet operator," Anubhav said, pointing out that there are only between 35 and 50 such highly-complex DNA sequencer apps available online, a number far too small to build a botnet around.