1. Forum
  2. FidoNet
  3. CONSPRCY

  • Thousands of PostgreSQL s

    From Mike Powell@1:2320/105 to All on Wednesday, April 02, 2025 11:08:00
    Thousands of PostgreSQL servers are being hijacked to mine crypto

    Date:
    Wed, 02 Apr 2025 15:03:00 +0000

    Description:
    Hackers are hunting for misconfigured servers and those with weak passwords.

    FULL STORY

    Hackers are targeting misconfigured and publicly exposed PostgreSQL servers with cryptocurrency miners, rendering them practically unusable as they rake
    up the electricity bill for the victims, researchers have warned.

    Wiz Threat Research experts said the new attack was actually a variant of an already observed, ongoing campaign, as the threat actors (which they call JINX-0126) are targeting PostgreSQL instances configured with weak and guessable login credentials. Once they find them and log in, they deploy the XMRig-C3 cryptominer .

    XMRig is a hugely popular cryptominer, since it mines the Monero cryptocurrency, which is generally a lot more difficult to trace, compared to Bitcoin, or other mineable currencies.

    Mining Monero

    A cryptocurrency miner uses up almost all of the devices compute power, rendering it useless for pretty much anything else. This also means increased electricity consumption, which results in an inflated bill at the end of the month.

    Cybercriminals, on the other hand, get Monero sent directly into their
    wallets, which they can sell on the open market for US dollars, or any other cryptocurrency. In many cases, the money gets spent on other malicious campaigns.

    Wiz says that the campaign was first documented by researchers from Aqua Security, but it has since evolved.

    The threat actors have allegedly implemented additional defense mechanisms
    and are deploying the miner filelessly in order to evade being spotted.

    The researchers found that the threat actor assigned a unique mining worker
    to each victim, making it relatively easy to determine how many devices were likely compromised. Based on their analysis, the campaign likely impacted
    more than 1,500 devices.

    This suggests that misconfigured PostgreSQL instances are highly common, providing a low hanging fruit entry point for opportunistic threat actors to exploit, they said.

    Furthermore, our data shows that nearly 90% of cloud environments self-host PostgreSQL instances, of which a third have at least one instance that is publicly exposed to the internet.

    Via The Hacker News

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/thousands-of-postgresql-servers-are-bei ng-hijacked-to-mine-crypto

    $$
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)