New Blue Mockingbird Malware Infects Several Enterprise Systems

Must Read
Sienna Rowley
Sienna is an editor at Cloud Host News. She is an internet enthusiast, always eager to explore the latest trend in the tech space. In her free time, she is a modest family woman who loves traveling.

As per the report, it is believed that several enterprise systems have been affected by a cryptocurrency-mining malware run by a group traced beneath the codename of Blue Mockingbird.

The cloud security firm Red canary first discovered this malware earlier this month, they stated that since 2019 the Blue Mockingbird group is assumed to be active.

According to researchers Blue Mockingbird attacks public-facing servers operating ASP.NET apps that utilize the Telerik framework for their user interface (UI) element. Hackers exploit various vulnerabilities to plant web shells on the attacked server.

Few attacks direct to Internal Networks

Red Canary specialists state that if the public-facing IIS servers are connected to a company’s internal network, the group also tries to reach inside through weakly-secured RDP (Remote Desktop Protocol) or SMB (Server Message Block) connections.

In an email interview earlier this month, Red Canary reported that they don’t have a complete picture of this botnet’s actions, but they assume the botnet created at least 1,000 infections so far, just from the short visibility they had.

A Red Canary spokesperson said the same as any security company, we have restricted clarity into the threat aspect and no way of truly knowing the whole extent of this threat.

This threat, in particular, has struck a really little percentage of the companies whose endpoints we monitor. But, we witnessed approximately 1,000 infections within those companies, and across a small amount of time.

Still, Red Canary tells the number of organizations affected could be much higher, and even organizations that consider being protected are at danger of attack.

Hazardous Telerik UI Vulnerability

Hazardous Telerik UI Vulnerability might be present on the newest versions of ASP.NET applications. Several companies could be exposed to attacks by the presence of the vulnerability.

Looking for more Security News? news? Stay tuned for the latest update news, subscribe to our newsletter to get the latest and regular updates.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest News

Google rolls out the new Google Meet web app

As Gooogle rolls out the new Google Meet web app just a few days after zoom released one. Now,...

More Articles Like This