Malicious crypto miners compromise academic data centers

Academic data centers across Europe, North America, and China suffered a string of attacks that may have been carried out to mine Monero.
Updated on February 27, 2023
Published on May 22, 2020

The Attack

  • In a possibly coordinated series of attacks, attackers deployed cryptocurrency miners on academic data centers across China, Europe, and North America, disrupting COVID-19 research.
  • The EGI Computer Security Incident Response Team (EGI CSIRT) believes the attacker moves from one victim to the next using compromised SSH credentials, with the goal of mining Monero (XMR).
  • Compromised hosts are infected with malware and repurposed into one or more of the following roles:
    • XMR mining hosts (running a hidden XMR mining binary).
    • XMR-proxy hosts: the mining hosts connect to these, which in turn connect to other XMR-proxy hosts and eventually to the actual mining server.
    • SOCKS proxy hosts (running a microSOCKS instance on a high port): the attacker connects to these hosts via SSH, often from Tor, and microSOCKS itself is also used from Tor.
    • Tunnel hosts (SSH tunneling): the attacker connects via SSH with a compromised account and configures NAT PREROUTING rules, typically to reach private IP address space.
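A triage pass over the three host-level indicators the list above gives (a microSOCKS-style listener on a high port, a NAT PREROUTING rule forwarding into private address space, and a mining binary run from a hidden path), written as an added example that is not code from the EGI CSIRT alert or from this post. It parses constructed samples of `ss -tlnp`, `iptables-save -t nat` and `ps` output rather than querying a live host; the paths, PIDs, ports, pool hostname and the 10000 "high port" cutoff are assumptions for illustration, and the XMR-proxy role is left out because recognising it needs connection data rather than listener data.

```python
import re
from typing import Dict, List, Set

# Constructed `ss -H -tlnp` output (listening TCP sockets with owning process).
SS_SAMPLE = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 128 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=901,fd=7))
LISTEN 0 128 0.0.0.0:44123 0.0.0.0:* users:(("microsocks",pid=21877,fd=4))
"""

# Constructed `iptables-save -t nat` output with a DNAT rule into a private range.
IPTABLES_SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 2222 -j DNAT --to-destination 10.0.5.21:22
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
"""

# Constructed `ps -eo pid,user,pcpu,args --no-headers` output; the pool name,
# paths and PIDs are placeholders, not indicators taken from the alert.
PS_SAMPLE = """\
    1 root      0.0 /sbin/init
  812 root      0.0 /usr/sbin/sshd -D
21877 jdoe      0.1 /tmp/.x/microsocks -p 44123
23410 jdoe     99.7 /dev/shm/.cache/x -o pool.example:3333 --donate-level 0
"""

HIGH_PORT = 10000                                   # "high port" cutoff (assumption)
PRIVATE_NET = re.compile(r"^(10\.|172\.(1[6-9]|2\d|3[01])\.|192\.168\.)")
HIDDEN_DIR = re.compile(r"/\.[^/]+/")               # a dot-directory in the binary path
TMP_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
MINER_ARGS = re.compile(r"(xmr|monero|stratum|--donate-level|-o \S+:\d+)", re.I)
SS_LINE = re.compile(r'^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+users:\(\("([^"]+)",pid=(\d+)')


def high_port_listeners(ss_output: str, min_port: int = HIGH_PORT) -> List[Dict]:
    """Listeners bound on a port >= min_port, where a microSOCKS instance would be parked."""
    hits = []
    for line in ss_output.splitlines():
        m = SS_LINE.match(line)
        if m and int(m.group(2)) >= min_port:
            addr, port, proc, pid = m.groups()
            hits.append({"addr": addr, "port": int(port), "proc": proc, "pid": int(pid)})
    return hits


def prerouting_dnat_rules(iptables_save: str) -> List[Dict]:
    """PREROUTING DNAT rules; on a tunnel host these forward traffic into private ranges."""
    rules = []
    for line in iptables_save.splitlines():
        if not line.startswith("-A PREROUTING") or "-j DNAT" not in line:
            continue
        dport = re.search(r"--dport (\d+)", line)
        dest = re.search(r"--to-destination (\S+)", line)
        target = dest.group(1) if dest else ""
        rules.append({"dport": int(dport.group(1)) if dport else None,
                      "to": target,
                      "private_dest": bool(PRIVATE_NET.match(target)),
                      "rule": line})
    return rules


def suspicious_processes(ps_output: str, cpu_threshold: float = 90.0) -> List[Dict]:
    """Processes run from hidden or tmp paths, with miner-like arguments, or pegging a CPU."""
    hits = []
    for line in ps_output.splitlines():
        parts = line.split(None, 3)
        if len(parts) < 4:
            continue
        pid, user, pcpu, args = parts
        exe = args.split()[0]
        reasons = []
        if HIDDEN_DIR.search(exe) or exe.startswith(TMP_DIRS):
            reasons.append("binary in hidden or tmp path")
        if MINER_ARGS.search(args):
            reasons.append("miner-like arguments")
        if float(pcpu) >= cpu_threshold:
            reasons.append("cpu %s%%" % pcpu)
        if reasons:
            hits.append({"pid": int(pid), "user": user, "exe": exe, "reasons": reasons})
    return hits


def infer_roles(ss_output: str, iptables_save: str, ps_output: str) -> Set[str]:
    """Map the findings onto the host roles named in the alert (XMR-proxy not covered)."""
    roles = set()
    procs = suspicious_processes(ps_output)
    flagged = {p["pid"] for p in procs}
    for lst in high_port_listeners(ss_output):
        if "socks" in lst["proc"].lower() or lst["pid"] in flagged:
            roles.add("socks_proxy")
    if any(r["private_dest"] for r in prerouting_dnat_rules(iptables_save)):
        roles.add("tunnel")
    if any("miner-like arguments" in p["reasons"] for p in procs):
        roles.add("miner")
    return roles


if __name__ == "__main__":
    print("roles:", sorted(infer_roles(SS_SAMPLE, IPTABLES_SAMPLE, PS_SAMPLE)))
    for p in suspicious_processes(PS_SAMPLE):
        print(p)
```

Against a real host, feed the functions the live command output (for example via `subprocess.run(["ss", "-H", "-tlnp"], capture_output=True, text=True).stdout`) and treat the hits as leads for manual review rather than verdicts: a legitimate service on a high port or an administrator's own DNAT rule will trigger the same checks. The alert's other signal, SSH logins arriving from Tor, is a separate comparison of auth logs against an exit-node list and is not covered here.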
