The Librarian Ghouls hacker group compromised hundreds of Russian devices and used them to mine cryptocurrency in an apparent cryptojacking campaign, says cybersecurity company Kaspersky.
The hacker group, also known as Rare Werewolf, Kaspersky said in a report on Monday.
Hackers collect information about the device before mining
After infecting a computer with the malware, the hackers establish a remote connection and disable security tools such as Windows Defender.
The infected device is also scheduled to power on at 1 am and shut down at 5 am, and the hackers use this window to further establish unauthorized remote access and steal login credentials.
“It is our assessment that the attackers use this technique to cover their tracks so that the user remains unaware that their device has been hijacked,” Kaspersky said.
They then steal login credentials and also collect information about the device's available resources, processor and GPU cores in order to configure the crypto miner optimally before deploying it.
While the miner is running, the hackers maintain a connection to the mining pool, sending a request every 60 seconds, according to Kaspersky.
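As an added illustration, not taken from Kaspersky's report or the original article, the behaviour described above gives a defender two things to look for: outbound activity confined to the 01:00–05:00 window and a fixed 60-second check-in. The Python below runs over a constructed connection log with made-up hostnames and documentation-range addresses and flags flows that show both:

```python
from datetime import datetime, time
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample of outbound connection records (timestamp, source host,
# destination) in the style of a firewall/proxy export; not real data.
SAMPLE_LOG = """\
2025-01-10T01:02:00 ws-eng-07 203.0.113.10:3333
2025-01-10T01:03:00 ws-eng-07 203.0.113.10:3333
2025-01-10T01:04:01 ws-eng-07 203.0.113.10:3333
2025-01-10T01:04:59 ws-eng-07 203.0.113.10:3333
2025-01-10T01:06:00 ws-eng-07 203.0.113.10:3333
2025-01-10T09:15:12 ws-eng-07 198.51.100.5:443
2025-01-10T09:15:40 ws-eng-07 198.51.100.5:443
2025-01-10T10:20:03 ws-eng-07 198.51.100.5:443
2025-01-10T02:00:00 ws-hr-02 203.0.113.10:3333
"""

OFF_HOURS = (time(1, 0), time(5, 0))   # power-on window described in the report
BEACON_SECONDS = 60.0                   # pool check-in interval described in the report

def parse_log(text):
    """Group connection timestamps by (source host, destination)."""
    flows = defaultdict(list)
    for line in text.splitlines():
        ts, host, dest = line.split()
        flows[(host, dest)].append(datetime.fromisoformat(ts))
    return flows

def find_beacons(text, period=BEACON_SECONDS, tolerance=0.1, min_hits=4):
    """Return flows whose off-hours connections recur at a fixed interval."""
    suspects = []
    for (host, dest), stamps in parse_log(text).items():
        # Keep only connections inside the 01:00-05:00 window, in time order.
        stamps = sorted(t for t in stamps if OFF_HOURS[0] <= t.time() < OFF_HOURS[1])
        if len(stamps) < min_hits:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        # Fixed-interval beaconing: mean gap close to the period, little jitter.
        jitter = tolerance * period
        if abs(mean(gaps) - period) <= jitter and pstdev(gaps) <= jitter:
            suspects.append({"host": host, "dest": dest,
                             "hits": len(stamps), "mean_gap": round(mean(gaps), 1)})
    return suspects

if __name__ == "__main__":
    for s in find_beacons(SAMPLE_LOG):
        print(f"{s['host']} -> {s['dest']}: {s['hits']} off-hours connections, ~{s['mean_gap']}s apart")
```

The daytime HTTPS traffic and the single off-hours connection from the second host are ignored; only the host whose night-time connections to port 3333 recur about every 60 seconds is reported.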
“We observe that the attackers are constantly improving their tactics, which include not only data exfiltration but also deploying remote access tools and using phishing sites to compromise email accounts,” the company said.
Cryptojacking campaign running since 2024
So far, the hacker campaign, which began in December and is still ongoing, has affected hundreds of Russian users, particularly industrial enterprises and engineering schools, with additional victims reported in Belarus and Kazakhstan.
The group's origin has not been established; however, Kaspersky said the phishing emails are “written in Russian and contain archives with Russian file names, as well as Russian-language lure documents.”
“This suggests that the primary targets of this campaign are likely based in Russia or speak Russian,” Kaspersky said.
Librarian Ghouls may be hacktivists
Kaspersky speculates that Librarian Ghouls may be hacktivists, hackers who use hacking as a form of civil disobedience to advance a political agenda, because the group uses techniques commonly associated with such groups, such as relying on legitimate third-party software.
“A distinctive feature of this threat is that the attackers favor legitimate third-party software over developing their own malicious binaries,” Kaspersky said.
It is not known how long the group has been active, but another Russian cybersecurity company, BI.ZONE, said in a November 23 report that Rare Werewolf has existed since at least 2019.