Organizations in the health care, telecommunications, hospitality and education sectors are being targeted by the Indexsinas SMB worm, also known as NSABuffMiner, according to a Guardicore Labs analysis reported by Threatpost. The worm leverages the weapons arsenal of the Equation Group to deploy cryptominers on impacted machines and aggressively uses lateral movement to compromise its targets.
"Propagation is achieved through the combination of an open-source port scanner and three Equation Group exploits – EternalBlue, DoublePulsar and EternalRomance. These exploits are used to breach new victim machines, obtain privileged access and install backdoors," researchers said.
Guardicore Labs also noted the Indexsinas attackers' measured tactics.
"The campaign has been running for years with the same command-and-control domain, hosted in South Korea. The [command-and-control] C2 server is highly protected, patched and exposes no redundant ports to the internet. The attackers use a private mining pool for their cryptomining operations, which prevents anyone from accessing their wallets’ statistics," researchers said.
Jill Aitoro is senior vice president of content strategy for CyberRisk Alliance. She has more than 20 years of experience editing and reporting on technology, business and policy. Prior to joining CRA, she worked at Sightline Media as editor of Defense News and executive editor of the Business-to-Government Group. She previously worked at Washington Business Journal and Nextgov, covering federal technology, contracting and policy, as well as CMP Media’s VARBusiness and CRN and Penton Media’s iSeries News.