Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Hackers Exploit MSSQL Servers in India

August 9, 2024
Reading Time: 2 mins read
in Alerts
Hackers Exploit MSSQL Servers in India

A newly identified hacker group, known as STAC6451, has been actively targeting Microsoft SQL (MSSQL) servers to compromise organizations, with a particular focus on entities in India. This group leverages exposed MSSQL servers, especially those with weak credentials, to deploy ransomware and execute other malicious activities. Their approach includes exploiting the default TCP/IP port 1433, which is commonly exposed to the public internet, allowing them to gain unauthorized access.

Once STAC6451 gains entry, they enable the xp_cmdshell stored procedure on the compromised servers. This procedure, which is disabled by default for security reasons, permits the attackers to execute arbitrary commands. The group then uses the Bulk Copy Program (BCP) utility to stage and deploy malicious payloads. These payloads include privilege escalation tools and ransomware binaries, such as Cobalt Strike Beacons and Mimic ransomware.

The attackers further establish persistence by creating backdoor accounts using the Python Impacket library. These accounts, such as “ieadm” and “helpdesk,” are added to local administrator and remote desktop groups to facilitate lateral movement within the network. Additionally, STAC6451 employs tools like AnyDesk for remote control and leverages the PrintSpoofer malware tool to escalate privileges through vulnerabilities in the Windows spooler service.

To protect against STAC6451’s tactics, organizations should avoid exposing MSSQL servers to the internet, disable the xp_cmdshell stored procedure, and implement application control measures to block unwanted applications like AnyDesk. Regular system updates and patch management are also crucial to closing vulnerabilities. These steps can help mitigate the risks posed by this sophisticated group and prevent potential compromises.

Reference:

  • STAC6451 Hackers Exploit Exposed MSSQL Servers in India for Ransomware Attacks
Tags: August 2024CredentialsCyber AlertsCyber Alerts 2024Cyber threatshacker groupMicrosoftMsSQLSQLSTAC6451
ADVERTISEMENT

Related Posts

Hackers Use Leaked Shellter License Malware

Windows BitLocker Vulnerability Flaw

July 9, 2025
Hackers Use Leaked Shellter License Malware

Hackers Use Leaked Shellter License Malware

July 9, 2025
Hackers Use Leaked Shellter License Malware

Anatsa Android Trojan Targets 90K Users

July 9, 2025
AMOS Mac Stealer Adds Persistent Backdoor

AMOS Mac Stealer Adds Persistent Backdoor

July 8, 2025
AMOS Mac Stealer Adds Persistent Backdoor

NordDragonScan Malware Steals Windows Data

July 8, 2025
AMOS Mac Stealer Adds Persistent Backdoor

New Ransomware BERT Targets ESXi Systems

July 8, 2025

Latest Alerts

Windows BitLocker Vulnerability Flaw

Anatsa Android Trojan Targets 90K Users

Hackers Use Leaked Shellter License Malware

New Ransomware BERT Targets ESXi Systems

NordDragonScan Malware Steals Windows Data

AMOS Mac Stealer Adds Persistent Backdoor

Subscribe to our newsletter

    Latest Incidents

    Credit Reports Breached And Sold On Dark Web

    Recruiting Software Exposed 26M Resumes

    Norwegian Municipalities Hit by Data Breach

    French Chip Firm Semco Hacked During IPO

    Louis Vuitton Korea Hit By Cyberattack

    Virginia School District Hit By Cyberattack

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial