A Juniper researcher discovered that the Sysrv botnet, a new cryptomining worm, is targeting Windows and Linux devices with multiple new capabilities and exploits, reports Ars Technica. The malware spreads from one device to another by searching the internet for vulnerable devices and infecting them without any user action. Sysrv also includes a cryptominer that uses the infected devices to mine the Monero digital currency. Last month, the developers redesigned the malware into a single binary that combines the worm and the miner, enabled the malware script to add SSH keys that improve its ability to survive reboots, and added more sophisticated features. “Based on the binaries we have seen and the time when we have seen them, we found that the threat actor is constantly updating its exploit arsenal,” said researcher Paul Kimayong. The malware developers also changed the mining pools that infected devices can use. “Combined together, they almost have 50% of the network hash rate. The threat actor’s criteria appears to be top mining pools with high reward rates,” Kimayong wrote.
Jill Aitoro leads editorial for SC Media and content strategy for parent company CyberRisk Alliance. She has 20 years of experience editing and reporting on technology, business and policy.