Blue Mockingbird, a codename that infects enterprise systems
By MYBRANDBOOK
Blue Mockingbird, a hacker group, is believed to have infected thousands of enterprise systems with cryptocurrency-mining malware. Malware analysts from cloud security firm Red Canary spotted this malware early this month, but the Blue Mockingbird group has been active since December 2019.
According to the researchers, Blue Mockingbird attacks public-facing servers that run ASP.NET apps using the Telerik framework for their user interface (UI) component.
The hackers exploited the vulnerability tracked as CVE-2019-18935 to plant a web shell on the attacked server. They then used a version of the Juicy Potato technique to gain admin-level access and modified server settings to obtain (re)boot persistence.
On attaining complete access to a system, the gang downloaded and installed a version of XMRig, a popular mining app for the Monero (XMR) cryptocurrency.
According to the ex gh weakly-secure RDP (Remote Desktop Protocol) or SMB (Server Message Block) connections.
The researchers do not have full details about the botnet's operations, but they believe that the botnet must have made at least 1,000 infections so far. They say that the number of companies affected could be much higher, and that even companies considered to be safe are at risk of attack.
The vulnerable Telerik UI component may be embedded in ASP.NET applications that are themselves running their latest versions; the bundled Telerik component can still be outdated, which puts those companies at risk.
The Telerik UI CVE-2019-18935 vulnerability has been listed as one of the most exploited vulnerabilities used to plant web shells on servers.
In cases where organizations do not have the option to update their vulnerable apps, they must ensure that exploitation attempts for CVE-2019-18935 are blocked at the firewall level. If they do not have a web firewall, they must check for compromise at the server and workstation level.
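One way to start the server-level check described above is to triage IIS access logs for POST requests to the Telerik upload handler. This is an added example, not code from the article or from Red Canary; the handler path `Telerik.Web.UI.WebResource.axd` with `type=rau` is not named in the article and is assumed here as the request pattern to review, and the log lines are constructed.

```python
# Constructed IIS W3C log sample (not real traffic); columns follow "#Fields:".
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2020-05-04 10:01:12 10.0.0.5 GET /default.aspx - 443 - 198.51.100.7 Mozilla/5.0 200 0 0 31
2020-05-04 10:02:40 10.0.0.5 POST /Telerik.Web.UI.WebResource.axd type=rau 443 - 203.0.113.9 python-requests/2.23 200 0 0 88
2020-05-04 10:02:41 10.0.0.5 POST /Telerik.Web.UI.WebResource.axd type=rau 443 - 203.0.113.9 python-requests/2.23 500 0 0 120
2020-05-04 10:03:02 10.0.0.5 GET /Telerik.Web.UI.WebResource.axd _TSM_HiddenField_=x 443 - 198.51.100.7 Mozilla/5.0 200 0 0 12
2020-05-04 10:05:00 10.0.0.5 POST /app/Telerik.Web.UI.WebResource.axd TYPE=RAU 443 - 192.0.2.44 curl/7.68 500 0 0 97
"""

HANDLER = "telerik.web.ui.webresource.axd"  # assumed upload handler, lower-cased

def find_rau_posts(lines):
    """Return log rows that are POSTs to the handler with type=rau in the query."""
    fields, hits = [], []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # IIS can change columns mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed row
        row = dict(zip(fields, values))
        params = row.get("cs-uri-query", "").lower().split("&")
        if (row.get("cs-method", "").upper() == "POST"
                and row.get("cs-uri-stem", "").lower().endswith(HANDLER)
                and "type=rau" in params):
            hits.append(row)
    return hits

def summarize(hits):
    """Group matching requests by client IP, counting 5xx responses separately."""
    by_ip = {}
    for h in hits:
        entry = by_ip.setdefault(h["c-ip"], {"posts": 0, "errors": 0})
        entry["posts"] += 1
        if h["sc-status"].startswith("5"):
            entry["errors"] += 1
    return by_ip

if __name__ == "__main__":
    for ip, stats in summarize(find_rau_posts(SAMPLE_LOG.splitlines())).items():
        print(ip, stats)
```

Applications that legitimately use the upload control also POST to this handler, so each hit is a lead to correlate with new files, services or scheduled tasks on the server rather than proof of compromise.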