Security researchers have lifted the lid on a highly sophisticated global operation performing millions of attacks per day, including cryptocurrency mining, spamming and defacements.
Dubbed “KashmirBlack” by a team at Imperva, the botnet comprises hundreds of thousands of compromised machines controlled by a single command and control (C&C) server.
Active since around November 2019, it spreads by targeting an almost decade-old PHPUnit RCE vulnerability in popular content management system (CMS) platforms. Imperva warned that the pandemic has arguably created more potential victims for the botnet, given that many businesses have been scrambling to create an online presence via such platforms.
The botnet’s infrastructure is apparently more sophisticated than most, using DevOps techniques to drive agility and ensure new payloads and exploits can be added fairly easily.
This agility also means the botnet can rapidly change the repositories, such as GitHub, where it stores its payloads, as well as its infrastructure, which Imperva claimed recently migrated to Dropbox to hide its tracks.
In a sign of how alert the botherders are to potential outside disruption, Imperva claimed that they blocked access to its servers just three days after growing suspicious.
Indonesian web defacement cybercrime group PhantomGhost has been linked to the botnet, the security vendor claimed.
“This is the first time we have been able to get visibility into how exactly a botnet like this operates; an important discovery that will help the industry better understand how these nefarious groups evolve and sustain their activity,” said Ofir Shaty, Imperva security researcher and research co-author.
“The level of orchestration is remarkable. It’s a very polished operation using the latest