A sweeping cyber campaign has been detected targeting internet service providers (ISPs) located in China and the West Coast of the United States, deploying malicious software designed to steal sensitive information and mine cryptocurrency.
Security researchers have uncovered evidence that the attackers exploited weak passwords to gain unauthorized access to thousands of ISP-owned IP addresses. The intrusions, originating from IP addresses linked to Eastern Europe, resulted in the installation of various harmful programs on the compromised systems.
The attackers have adopted a strategy of minimal disruption, aiming to remain undetected. They rely mainly on scripting languages such as Python and PowerShell, which let them operate within restricted environments and use application programming interfaces (APIs) for command and control.
Once inside targeted networks, the malicious software is used to scan for vulnerabilities, steal data, and deploy XMRig cryptocurrency miners, effectively hijacking the victim’s computing power for illicit profit. A preparatory phase is also observed, in which security software features are disabled and services related to cryptocurrency miner detection are terminated.
The attackers’ tactics suggest a focus on stealth and persistence, utilizing readily available tools and exploiting existing vulnerabilities. The scale of the campaign and its focus on critical internet infrastructure raise concerns about potential widespread disruption and data breaches.
Stay tuned to DC Brief for further updates on this story and other technology developments.