According to the report, several enterprise systems are believed to have been compromised by cryptocurrency-mining malware operated by a group tracked under the codename Blue Mockingbird.
The cloud security firm Red Canary first identified this malware earlier this month, and stated that the Blue Mockingbird group is assumed to have been active since 2019.
According to the researchers, Blue Mockingbird targets public-facing servers running ASP.NET applications that use the Telerik framework for their user interface (UI) components. The attackers exploit vulnerabilities in that component to plant web shells on the compromised server.
Some attacks move on to internal networks
Red Canary specialists state that when a public-facing IIS server is connected to a company's internal network, the group also attempts to move deeper inside through weakly secured RDP (Remote Desktop Protocol) or SMB (Server Message Block) connections.
In an email interview earlier this month, Red Canary said it does not have a complete picture of the botnet's activity, but estimates that the botnet has caused at least 1,000 infections so far, based only on the limited visibility it has.
A Red Canary spokesperson said: "Like any security company, we have restricted clarity into the threat aspect and no way of truly knowing the whole extent of this threat.
This threat, in particular, has struck a really little percentage of the companies whose endpoints we monitor. But we witnessed approximately 1,000 infections within those companies, and across a small amount of time."
Still, Red Canary says the number of affected organizations could be much higher, and that even organizations that consider themselves protected are at risk of attack.
Hazardous Telerik UI vulnerability
The hazardous Telerik UI vulnerability may be present even in the newest versions of ASP.NET applications, so several companies could be exposed to attack simply because the vulnerable component is present.