- Hackers used a thousand of corporate servers to mine XMR.
- XMR/USD recovers from the recent low and ignores the hack news.
The hacker group Blue Mockingbird installed a hidden miner for the cryptocurrency Monero on at least a thousand corporate servers to install. The hacker group has been active since December 2019.
According to cybersecurity experts from Red Canary, hackers exploited the vulnerability CVE-2019-18935 of Telerik framework on public-facing servers running ASP.NET apps.
They also used Juicy Potato technique to gain full access to the web-server and install an XMRRig, a popular mining app for the Monero (XMR).
Moreover, if the server allowed access to other computers, they infected them as well.
Red Canary experts registered about a thousand attacks on the servers, but the total number of hacked machines may by much bigger.
Like any security company, we have limited visibility into the threat landscape and no way of accurately knowing the full scope of this threat. This threat, in particular, has affected a very small percentage of the organizations whose endpoints we monitor. However, we observed roughly 1,000 infections within those organizations, and over a short amount of time, the experts said in the interview to ZDNet.
The vulnerability CVE-2019-18935 is considered extremely dangerous because it has been successfully exploited by attackers several times. In most cases, the only way to prevent an attack is to block the exploitation of vulnerability at the firewall level.
XMR/USD stays calm
XMR/USD bottomed at $60.04 on Monday and recovered to $62.18 by press time. The privacy-focused coin sits on the 16th place in the global cryptocurrency rating with the capitalization of $1 billion. XMR/USD has gained 1.5% in the recent 24 hours and stayed mostly unchanged since the start of the day.
The initial resistance is created by 1-hour SMA50 at $62.50; however, a stronger barrier comes at $64.00 with 1-hour SMA200 located on approach. The pivotal support coincides with the psychological $60.00.