The cloud security firm Red Canary recently reported a cluster of malware threat activity, tracked as Blue Mockingbird, that is thought to have been active since December 2019. In that time, Red Canary reports, at least 1,000 servers have been infected with this malware, which consists of a web shell used to gain access to a network along with XMRig, used to mine the Monero cryptocurrency on infected servers. The exploit this group uses to gain a foothold on systems is none other than the infamous Telerik UI vulnerability (CVE-2019-18935), which the US National Security Agency (NSA) and the Australian Cyber Security Centre (ACSC) have listed as one of the most exploited vulnerabilities recently used to plant web shells on servers.