Organizations in the health care, telecommunications, hospitality and education sectors are being targeted by the Indexsinas SMB worm, also known as NSABuffMiner, according to a Guardicore Labs analysis reported by Threatpost. The worm leverages the weapons arsenal of the Equation Group to deploy cryptominers on impacted machines and aggressively uses lateral movement to compromise its targets.
"Propagation is achieved through the combination of an open-source port scanner and three Equation Group exploits – EternalBlue, DoublePulsar and EternalRomance. These exploits are used to breach new victim machines, obtain privileged access and install backdoors," researchers said.
Guardicore Labs also noted the Indexsinas attackers' measured tactics.
"The campaign has been running for years with the same command-and-control domain, hosted in South Korea. The [command-and-control] C2 server is highly protected, patched and exposes no redundant ports to the internet. The attackers use a private mining pool for their cryptomining operations, which prevents anyone from accessing their wallets’ statistics," researchers said.
Jill Aitoro leads editorial for SC Media, and content strategy for parent company CyberRisk Alliance. She has 20 years of experience editing and reporting on technology, business and policy.