Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Researchers Find Spoofing in Major Browsers

June 5, 2024
Reading Time: 3 mins read
in Alerts
Researchers Find Spoofing in Major Browsers

Hackers often use proxy servers to hide their identities and access restricted networks. These servers, when compromised, can be exploited to launch cyberattacks, distribute malware, and conduct illegal activities while masking the true origin of the traffic. Cybersecurity researchers recently identified a case where a ransomware actor exploited the proxy server of a CoinMiner attacker. This proxy server, initially set up by the CoinMiner group to control an infected botnet, became a target for the ransomware actor’s RDP scan attack.

The CoinMiner group had initially breached the server by scanning for MS-SQL administrator accounts and using xp_cmdshell to install a backdoor, downloading CoinMiner malware from a command-and-control server. However, their reverse RDP proxy server, set up using a modified Fast Reverse Proxy tool, was left exposed. This exposure allowed the ransomware actor to gain administrative access through RDP port scanning and brute force attacks. Once inside, the ransomware actor moved laterally, spreading ransomware throughout the CoinMiner botnet and network.

Two hypotheses explain the ransomware actor’s attack on the proxy server. It could have been an accidental target during the ransomware actor’s scan for exposed RDP ports, or it could have been a deliberate attack on previously compromised systems known to have vulnerabilities. The repeated access to the affected system suggests the ransomware actor might have recognized the compromised state of the CoinMiner infrastructure.

This incident highlights an emerging trend where cyber attackers infiltrate rival groups’ infrastructures to enhance their attacks. Such actions complicate attribution and defense efforts, as threat actors increasingly leverage each other’s compromised systems and resources. As these cases become more common, the cybersecurity landscape may see more intentional hacking between different hacker groups, significantly complicating threat management and mitigation strategies.

Reference:

  • Mobile Browsers Hit by Major Address Bar Spoofing Flaws
Tags: CoinMinerCyber AlertsCyber Alerts 2024Cyber RiskCyber threatHackerJune 2024MalwareMS SQL
ADVERTISEMENT

Related Posts

VexTrio TDS Uses Adtech To Spread Malware

Simple Typo Breaks AI Safety Via TokenBreak

June 13, 2025
VexTrio TDS Uses Adtech To Spread Malware

VexTrio TDS Uses Adtech To Spread Malware

June 13, 2025
VexTrio TDS Uses Adtech To Spread Malware

Old Discord Links Now Lead To Malware

June 13, 2025
SmartAttack Uses Sound To Steal PC Data

SmartAttack Uses Sound To Steal PC Data

June 13, 2025
SmartAttack Uses Sound To Steal PC Data

Coordinated Brute Force Hits Tomcat Manager

June 13, 2025
SmartAttack Uses Sound To Steal PC Data

Pentest Tool TeamFiltration Hits Entra ID

June 12, 2025

Latest Alerts

Old Discord Links Now Lead To Malware

VexTrio TDS Uses Adtech To Spread Malware

Simple Typo Breaks AI Safety Via TokenBreak

Coordinated Brute Force Hits Tomcat Manager

SmartAttack Uses Sound To Steal PC Data

Pentest Tool TeamFiltration Hits Entra ID

Subscribe to our newsletter

    Latest Incidents

    Cyberattack On Brussels Parliament Continues

    Swedish Broadcaster SVT Hit By DDoS

    Major Google Cloud Outage Disrupts Web

    AI Spam Hijacks Official US Vaccine Site

    DragonForce Ransomware Hits Philly Schools

    Erie Insurance Cyberattack Halts Operations

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial