Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

ISP IPs Targeted to Deploy Infostealers

March 4, 2025
Reading Time: 2 mins read
in Alerts

A mass exploitation campaign has targeted over 4,000 ISP IP addresses, primarily located in China and the US West Coast, to deploy information stealers and cryptocurrency miners. The attackers leveraged brute-force methods, exploiting weak credentials to gain access to the compromised systems. This intrusion allowed them to execute a series of payloads that carried out network scanning, information theft, and cryptocurrency mining using the victim’s resources. The malicious actions were carried out with minimal intrusion to avoid detection, with compromised accounts used to minimize the footprint of their operations.

Once the attackers gained access, they used PowerShell scripts to drop executables onto the infected systems.

These tools facilitated further actions such as data exfiltration and the execution of XMRig cryptocurrency mining software. The malware also targeted specific infrastructure related to ISPs and used a masscan tool to scan large IP ranges for open ports, enabling the brute-forcing of credentials. The attackers also deployed binaries that helped in establishing persistence on the systems, ensuring that they remained within the networks for extended periods.

One of the key features of the malware was its ability to function as a stealer, capturing screenshots and searching for cryptocurrency wallet addresses in the clipboard.

It specifically looked for wallet addresses associated with popular cryptocurrencies like Bitcoin, Ethereum, and Litecoin. This information was then exfiltrated to a Telegram bot, further complicating detection efforts. The attackers also employed techniques like disabling security product features and terminating any services associated with cryptominer detection to ensure the mining software could run undetected.

The attackers used Python and PowerShell to execute their operations, which allowed them to perform actions in restricted environments and use APIs like Telegram for command-and-control (C2) communication. This reliance on scripting languages helped them bypass traditional security measures and operate covertly within the targeted environments. Overall, the campaign demonstrated a sophisticated use of available tools and techniques, with a focus on maintaining stealth and persistence while conducting cryptocurrency mining and data exfiltration operations.

Reference:
  • Internet Service Providers IPs Targeted in Brute Force Attacks to Deploy Infostealers
Tags: Cyber AlertsCyber Alerts 2025CyberattackCybersecurityMarch 2025
ADVERTISEMENT

Related Posts

Hackers Revive SEO Poisoning

Hackers Revive SEO Poisoning

July 10, 2025
Hackers Revive SEO Poisoning

RondoDox Botnet Exploits Router Flaws

July 10, 2025
Hackers Revive SEO Poisoning

ServiceNow Data Exposure via ACLs

July 10, 2025
Hackers Use Leaked Shellter License Malware

Windows BitLocker Vulnerability Flaw

July 9, 2025
Hackers Use Leaked Shellter License Malware

Hackers Use Leaked Shellter License Malware

July 9, 2025
Hackers Use Leaked Shellter License Malware

Anatsa Android Trojan Targets 90K Users

July 9, 2025

Latest Alerts

RondoDox Botnet Exploits Router Flaws

ServiceNow Data Exposure via ACLs

Hackers Revive SEO Poisoning

Windows BitLocker Vulnerability Flaw

Anatsa Android Trojan Targets 90K Users

Hackers Use Leaked Shellter License Malware

Subscribe to our newsletter

    Latest Incidents

    Bitcoin Depot Breach Exposes Data

    McDonald’s AI Hiring Bot Exposes Data

    Nippon Steel Solutions Data Breach

    Norwegian Municipalities Hit by Data Breach

    Credit Reports Breached And Sold On Dark Web

    Recruiting Software Exposed 26M Resumes

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial