The cloud security firm Red Canary recently reported a cluster of malware threat activity tracked as Blue Mockingbird that is thought to have been active since December 2019. In that time, Red Canary reports, at least 1,000 servers have been infected with this malware, which consists of a web shell used to gain access to a network along with XMRig, used to mine the Monero cryptocurrency on infected servers. The exploit this group uses to gain a foothold on systems is none other than the infamous Telerik UI vulnerability (CVE-2019-18935), which the US National Security Agency (NSA) and the Australian Cyber Security Centre (ACSC) have listed as one of the vulnerabilities most often exploited recently to plant web shells on servers.