Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Hackers Exploit MSSQL Servers in India

August 9, 2024
Reading Time: 2 mins read
in Alerts
Hackers Exploit MSSQL Servers in India

A newly identified hacker group, known as STAC6451, has been actively targeting Microsoft SQL (MSSQL) servers to compromise organizations, with a particular focus on entities in India. This group leverages exposed MSSQL servers, especially those with weak credentials, to deploy ransomware and execute other malicious activities. Their approach includes exploiting the default TCP/IP port 1433, which is commonly exposed to the public internet, allowing them to gain unauthorized access.

Once STAC6451 gains entry, they enable the xp_cmdshell stored procedure on the compromised servers. This procedure, which is disabled by default for security reasons, permits the attackers to execute arbitrary commands. The group then uses the Bulk Copy Program (BCP) utility to stage and deploy malicious payloads. These payloads include privilege escalation tools and ransomware binaries, such as Cobalt Strike Beacons and Mimic ransomware.

The attackers further establish persistence by creating backdoor accounts using the Python Impacket library. These accounts, such as “ieadm” and “helpdesk,” are added to local administrator and remote desktop groups to facilitate lateral movement within the network. Additionally, STAC6451 employs tools like AnyDesk for remote control and leverages the PrintSpoofer malware tool to escalate privileges through vulnerabilities in the Windows spooler service.

To protect against STAC6451’s tactics, organizations should avoid exposing MSSQL servers to the internet, disable the xp_cmdshell stored procedure, and implement application control measures to block unwanted applications like AnyDesk. Regular system updates and patch management are also crucial to closing vulnerabilities. These steps can help mitigate the risks posed by this sophisticated group and prevent potential compromises.

Reference:

  • STAC6451 Hackers Exploit Exposed MSSQL Servers in India for Ransomware Attacks
Tags: August 2024CredentialsCyber AlertsCyber Alerts 2024Cyber threatshacker groupMicrosoftMsSQLSQLSTAC6451
ADVERTISEMENT

Related Posts

Steganography Cloud C2 In Modular Chain

Steganography Cloud C2 In Modular Chain

September 19, 2025
Steganography Cloud C2 In Modular Chain

Fake Empire Targets Crypto With AMOS

September 19, 2025
Steganography Cloud C2 In Modular Chain

SEO Poisoning Hits Chinese Users

September 19, 2025
Apple Backports Fix For Exploited Bug

Apple Backports Fix For Exploited Bug

September 18, 2025
Apple Backports Fix For Exploited Bug

FileFix Uses Steganography To Drop StealC

September 18, 2025
Apple Backports Fix For Exploited Bug

Google Removes 224 Android Malware Apps

September 18, 2025

Latest Alerts

Steganography Cloud C2 In Modular Chain

Fake Empire Targets Crypto With AMOS

SEO Poisoning Hits Chinese Users

FileFix Uses Steganography To Drop StealC

Apple Backports Fix For Exploited Bug

Google Removes 224 Android Malware Apps

Subscribe to our newsletter

    Latest Incidents

    Russian Hackers Hit Polish Hospitals

    New York Blood Center Data Breach

    Tiffany Data Breach Hits Thousands

    AI Forged Military IDs Used In Phishing

    Insight Partners Warns After Data Breach

    ShinyHunters Claims Salesforce Data Theft

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial