The hacker group Blue Mockingbird hacked at least a thousand corporate servers to install a hidden miner for the Monero cryptocurrency on them, ZDNet reports.
According to cybersecurity experts from Red Canary, the hackers carried out the attack by exploiting CVE-2019-18935, a vulnerability in Telerik UI, a suite of user-interface components for ASP.NET web applications.
Using a variation of the Juicy Potato utility, they gained full access to the web server and installed the XMRig cryptocurrency mining program.
If the server had access to the company's internal network, the hackers infected other machines as well.
Red Canary experts recorded about a thousand attacks on servers, but do not rule out that the total number of compromises is much larger.
CVE-2019-18935 is considered extremely dangerous because attackers have successfully exploited it several times. In most cases, the only way to prevent an attack is to block exploitation of the vulnerability at the firewall level.