The Ghost in the Machine: The Complete Dossier on TA-NATALSTATUS and the Cryptojacking Turf War
CloudSEK uncovered an advanced cryptojacking campaign by threat actor TA-NATALSTATUS, active since 2020 and now escalating globally in 2025. The group exploits exposed Redis servers in the US, Europe, Russia, India, and beyond, hijacking root access to install miners, disable defenses, and wipe out rivals. Their stealth tactics—binary hijacking, obfuscation, and persistence mechanisms—turn servers into long-term mining assets. CloudSEK advises immediate remediation, reimaging, and securing Redis instances.
Written by
Abhishek Mathew