Nation-state threat actor deploying XMRig cryptomining malware
released on 2022-11-17 @ 11:13:28 AM
The US Department of Homeland Security (DHS) released a report on malware developed by a nation-sponsored threat actor group in the Middle East. The report describes how the threat actors exploited the Log4Shell vulnerability in an unpatched VMware Horizon server, installed XMRig crypto mining software, moved laterally to the domain controller (DC), compromised credentials, and then implanted Ngrok reverse proxies on several hosts to maintain persistence.