
Infostealer Campaign against ISPs

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY :

A campaign targeting ISP infrastructure providers on the West Coast of the United States and in China has been identified. Originating from Eastern Europe, the attackers use simple tools to abuse victims' computer processing power for cryptomining and to steal credentials. Initial access is gained through brute-force attacks that exploit weak credentials. The malware has diverse functions, including data exfiltration, deployment of additional crimeware, self-termination to avoid detection, persistence establishment, disabling of remote access, and pivot attacks against targeted CIDRs. The actors keep intrusive operations to a minimum, relying on scripting languages and API calls for C2 operations. The campaign specifically targets ISP infrastructure, likely for cryptomining purposes.

OPENCTI LABELS :

infostealer, cryptomining, brute force, persistence, scripting


Open in the NetmanageIT OpenCTI public instance with the link below.


NOTE: Use the public read-only user credentials on the login page banner.


Infostealer Campaign against ISPs