Security analysts have uncovered a new malware campaign named “Nansh0u,” which infects companies’ servers and uses their processing power to mine cryptocurrency. Researchers have identified approximately 50,000 affected servers worldwide belonging to organizations in the healthcare, media, telecommunications and IT fields. The attackers use port scanners to identify open ports, then use brute-force attack tools to gain access to the servers and give themselves administrator-level access. Once a server has been compromised, the attackers infect it with malicious payloads that use the server for crypto mining. Attacks of this style were normally carried out only by highly skilled hackers, but the tools seen in this campaign appear to be available to less skilled hackers. It is believed that this campaign originated in China, because the servers used to launch Nansh0u were based in China and the log files and binaries contain Chinese strings.