A new cryptojacking campaign has been found using leaked NSA software. Cryptojacking, the unauthorized use of a victim’s computer systems to mine cryptocurrency, has been found on over 700 companies’ computer networks since March of this year. This new version, called Beapy by researchers, uses hacking tools leaked in an NSA breach that happened two years ago. Beapy relies on a user opening a malicious email; once the email is opened, it injects malware into the company’s network and spreads to as many computers as possible. Using the combined processing power of an organization’s computers, hackers are able to mine large amounts of cryptocurrency and deposit it into the virtual wallet of their choice. A secondary threat with Beapy is that it also uses a credential stealer called “Mimikatz”, which has the potential to steal users’ passwords and usernames across the infected network. Researchers estimate that an attacker can generate as much as $750,000 in a single month using this tactic. Cryptojacking runs in the background of a company’s network and can slow down the entire network and eventually cause the physical machines to be overworked and wear out earlier than budgeted for.