Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Researchers Find Spoofing in Major Browsers

June 5, 2024
Reading Time: 3 mins read
in Alerts
Researchers Find Spoofing in Major Browsers

Hackers often use proxy servers to hide their identities and access restricted networks. These servers, when compromised, can be exploited to launch cyberattacks, distribute malware, and conduct illegal activities while masking the true origin of the traffic. Cybersecurity researchers recently identified a case where a ransomware actor exploited the proxy server of a CoinMiner attacker. This proxy server, initially set up by the CoinMiner group to control an infected botnet, became a target for the ransomware actor’s RDP scan attack.

The CoinMiner group had initially breached the server by scanning for MS-SQL administrator accounts and using xp_cmdshell to install a backdoor, downloading CoinMiner malware from a command-and-control server. However, their reverse RDP proxy server, set up using a modified Fast Reverse Proxy tool, was left exposed. This exposure allowed the ransomware actor to gain administrative access through RDP port scanning and brute force attacks. Once inside, the ransomware actor moved laterally, spreading ransomware throughout the CoinMiner botnet and network.

Two hypotheses explain the ransomware actor’s attack on the proxy server. It could have been an accidental target during the ransomware actor’s scan for exposed RDP ports, or it could have been a deliberate attack on previously compromised systems known to have vulnerabilities. The repeated access to the affected system suggests the ransomware actor might have recognized the compromised state of the CoinMiner infrastructure.

This incident highlights an emerging trend where cyber attackers infiltrate rival groups’ infrastructures to enhance their attacks. Such actions complicate attribution and defense efforts, as threat actors increasingly leverage each other’s compromised systems and resources. As these cases become more common, the cybersecurity landscape may see more intentional hacking between different hacker groups, significantly complicating threat management and mitigation strategies.

Reference:

  • Mobile Browsers Hit by Major Address Bar Spoofing Flaws
Tags: CoinMinerCyber AlertsCyber Alerts 2024Cyber RiskCyber threatHackerJune 2024MalwareMS SQL
ADVERTISEMENT

Related Posts

Glibc Flaw Gives Linux Root Access Risk

Mozilla Urgent Firefox Patch Fixes RCE Flaws

May 19, 2025
Fileless Remcos RAT Delivery Via LNK Files

ModiLoader Malware Targets Windows Users

May 19, 2025
Glibc Flaw Gives Linux Root Access Risk

Glibc Flaw Gives Linux Root Access Risk

May 19, 2025
Fileless Remcos RAT Delivery Via LNK Files

APT28 RoundPress Webmail Hack Steals Emails

May 16, 2025
Fileless Remcos RAT Delivery Via LNK Files

FBI Warns of AI Voice Phishing Scams

May 16, 2025
Fileless Remcos RAT Delivery Via LNK Files

Fileless Remcos RAT Delivery Via LNK Files

May 16, 2025

Latest Alerts

Mozilla Urgent Firefox Patch Fixes RCE Flaws

ModiLoader Malware Targets Windows Users

Glibc Flaw Gives Linux Root Access Risk

Fileless Remcos RAT Delivery Via LNK Files

FBI Warns of AI Voice Phishing Scams

APT28 RoundPress Webmail Hack Steals Emails

Subscribe to our newsletter

    Latest Incidents

    Massive DDoS Hits Poland’s Civic Platform

    Arla Plant Cyberattack Halts Operations

    Georgia’s Harbin Clinic Hit by Data Breach

    Hackers Target Swiss Reserve Power Plant

    Coinbase Insider Attack Exposed User Data

    Cyberattack Hits J Batista Group

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial