satori The Satori Botnet has been retasked to exploit cryptominers.

[hyp3rdriv3]

Bleeping Computer is reporting that the Satori botnet has been retasked to locate unpatched Claymore cryptominer rigs.

 

Quote

The operators of the Satori botnet are mass-scanning the Internet for exposed Ethereum mining rigs, according to three sources in the infosec community who've observed the malicious behavior —SANS ISC, Qihoo 360 Netlab, and GreyNoise Intelligence.

More precisely, crooks are scanning for devices with port 3333 exposed online, a port often used for remote management features by a large number of cryptocurrency-mining equipment.

 

Apparently unpatched rigs have a publicly exposed RPC port. The Satori botnet is currently searching for this port, then taking advantage of it by sending it a command that tells the rig "When I reboot, execute these commands.". then sending another RPC call to reboot. The commands sent change the rigs config to mine a pool under the control of the hackers.

 

This is actually a very smart attack vector. Generally speaking, many cryptominers who have enough money to buy these sort of rigs will use them until they have enough of a profit to afford the latest and greatest with a higher hash rate, then basically leave these on the rack to rot or until the data center unplugs them. I've encountered a few of these over the years working data center ops. So, if you can reconfigure enough of these older rigs that may or may not be used anymore, you can draw a serious revenue stream, which then the Satori botnet masters can turn around and use for R&D into new attack vectors. My hat's off to them, very smart.

 

https://www.bleepingcomputer.com/news/security/the-satori-botnet-is-mass-scanning-for-exposed-ethereum-mining-rigs/

[captain_to_fire]

OP must follow guidelines 

 

[hyp3rdriv3]

I'm not sure how this is a violation of the guidelines... it's tech news, and I couldn't find any hits on Google for this when I filtered for just LTT.

[Herman Mcpootis]

2 minutes ago, hyp3rdriv3 said:

I'm not sure how this is a violation of the guidelines... it's tech news, and I couldn't find any hits on Google for this when I filtered for just LTT.

maybe read the thread he linked and see what you forgot?

[hyp3rdriv3]

Just now, VegetableStu said:

you're almost there. you're just missing a quotebox with a short and concise/summised portion of the article

I caught it, thanks!

 

Edit: I thought I had pasted in the quote originally, but I forgot to Ctrl-V it. I'm one of those crazy people who leaps before looking lol

[Skiiwee29]

3 minutes ago, hyp3rdriv3 said:

I'm not sure how this is a violation of the guidelines... it's tech news, and I couldn't find any hits on Google for this when I filtered for just LTT.

its not that its not news, its that you didnt post it properly in the format laid out in the link provided on how to properly format your posts for news posts. 

[hyp3rdriv3]

Just now, Skiiwee29 said:

its not that its not news, its that you didnt post it properly in the format laid out in the link provided on how to properly format your posts for news posts. 

I caught it, I had the quote in my clipboard but I forgot to paste it. I'm the leap before looking type unfortunately.