29 May 19, 14:38
Quote: A fresh wave of attacks against MS-SQL and PHPMyAdmin servers has been detected across the globe, launched in the quest for cryptocurrency.
Over 50,000 servers belonging to organizations in healthcare, telecommunications, media, and IT have been infected, Guardicore Labs said on Wednesday.
Ophir Harpaz and Daniel Goldberg, researchers from Guardicore, said in a blog post that the so-called Nansh0u campaign is a sophisticated take on more primitive cryptocurrency mining attacks.
During the past two months, Guardicore has documented the compromise of Windows MS-SQL and PHPMyAdmin servers, originating on February 26, 2019. Over seven hundred victims per day were documented in some cases.
"The Nansh0u campaign is not a typical crypto-miner attack," the researchers say. "It uses techniques often seen in advanced persistent threats (APTs) such as fake certificates and privilege escalation exploits."
SOURCE: https://www.zdnet.com/article/over-50000...-campaign/



