Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Researchers Find Spoofing in Major Browsers

June 5, 2024
Reading Time: 3 mins read
in Alerts
Researchers Find Spoofing in Major Browsers

Hackers often use proxy servers to hide their identities and access restricted networks. These servers, when compromised, can be exploited to launch cyberattacks, distribute malware, and conduct illegal activities while masking the true origin of the traffic. Cybersecurity researchers recently identified a case where a ransomware actor exploited the proxy server of a CoinMiner attacker. This proxy server, initially set up by the CoinMiner group to control an infected botnet, became a target for the ransomware actor’s RDP scan attack.

The CoinMiner group had initially breached the server by scanning for MS-SQL administrator accounts and using xp_cmdshell to install a backdoor, downloading CoinMiner malware from a command-and-control server. However, their reverse RDP proxy server, set up using a modified Fast Reverse Proxy tool, was left exposed. This exposure allowed the ransomware actor to gain administrative access through RDP port scanning and brute force attacks. Once inside, the ransomware actor moved laterally, spreading ransomware throughout the CoinMiner botnet and network.

Two hypotheses explain the ransomware actor’s attack on the proxy server. It could have been an accidental target during the ransomware actor’s scan for exposed RDP ports, or it could have been a deliberate attack on previously compromised systems known to have vulnerabilities. The repeated access to the affected system suggests the ransomware actor might have recognized the compromised state of the CoinMiner infrastructure.

This incident highlights an emerging trend where cyber attackers infiltrate rival groups’ infrastructures to enhance their attacks. Such actions complicate attribution and defense efforts, as threat actors increasingly leverage each other’s compromised systems and resources. As these cases become more common, the cybersecurity landscape may see more intentional hacking between different hacker groups, significantly complicating threat management and mitigation strategies.

Reference:

  • Mobile Browsers Hit by Major Address Bar Spoofing Flaws
Tags: CoinMinerCyber AlertsCyber Alerts 2024Cyber RiskCyber threatHackerJune 2024MalwareMS SQL
ADVERTISEMENT

Related Posts

Russian APT28 Deploys Outlook Backdoor

SAP S4hana Exploited Vulnerability

September 5, 2025
Russian APT28 Deploys Outlook Backdoor

Virustotal Finds Undetected SVG Files

September 5, 2025
Russian APT28 Deploys Outlook Backdoor

Russian APT28 Deploys Outlook Backdoor

September 5, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

Lazarus Hackers Exploit ZeroDay, Deploy Rats

September 4, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

CISA Flags TP Link Router Flaws

September 4, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

Google Patches 120 Flaws In Android

September 4, 2025

Latest Alerts

SAP S4hana Exploited Vulnerability

Virustotal Finds Undetected SVG Files

Russian APT28 Deploys Outlook Backdoor

CISA Flags TP Link Router Flaws

Lazarus Hackers Exploit ZeroDay, Deploy Rats

Google Patches 120 Flaws In Android

Subscribe to our newsletter

    Latest Incidents

    North Korean Hackers Fake Interviews

    Bridgestone Confirms Cyberattack

    Cybersecurity Firms Hit By Breach

    Salesloft Drift Attacks Hits Vendors

    Jaguar Land Rover Hit By Cyber Incident

    Hackers Use Grok Ai To Spread Malware

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial