Contact

The Nanshou Campaign - Hackers' Arsenal Grows Stronger

NetmanageIT OpenCTI - opencti.netmanageit.com

The Nanshou Campaign - Hackers' Arsenal Grows Stronger



SUMMARY :

This comprehensive analysis details a sophisticated cyber campaign targeting over 50,000 Windows servers worldwide, primarily in the healthcare, telecommunications, media, and IT sectors. The campaign exploited vulnerabilities in MS-SQL and phpMyAdmin, dropping advanced payloads like crypto-miners and kernel rootkits. Notably, the attackers employed techniques typically associated with advanced persistent threats (APTs), such as fake certificates and privilege escalation exploits, suggesting broader access to sophisticated tools previously reserved for elite adversaries.

OPENCTI LABELS :

privilege escalation,vulnerability exploitation,smominru,cve-2014-4113,database servers,kernel rootkit,crypto-miner


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


The Nanshou Campaign - Hackers' Arsenal Grows Stronger