CyberSecurity news

@cyberalerts.io - 4d
The Splunk Threat Research Team has revealed a widespread cyber campaign specifically targeting Internet Service Provider (ISP) infrastructure providers on the West Coast of the United States and in China. Over 4,000 ISP-related IP addresses were explicitly targeted. This mass exploitation campaign involves the deployment of information stealers and crypto miners on compromised systems.

The attack leverages brute-force tactics to exploit weak credentials, gaining initial access to the targeted networks. Once inside, the attackers deploy cryptomining and info-stealing malware. This campaign is believed to have originated from Eastern Europe, highlighting the global nature of cyber threats and the importance of robust security measures for critical infrastructure providers.


References:
  • Virus Bulletin: The Splunk Threat Research Team has identified a campaign targeting ISP infrastructure providers. This mass exploitation campaign led to cryptomining and infostealer payloads. The main vector & initial access is driven by using well-known weak credentials.
  • securityaffairs.com: Mass exploitation campaign hit 4,000+ ISP networks to deploy info stealers and crypto miners
  • thehackernews.com: Over 4,000 ISP IPs Targeted in Brute-Force Attacks to Deploy Info Stealers and Cryptominers
  • Information Security Buzz: The Splunk Threat Research Team has uncovered a widespread cyber campaign targeting Internet Service Provider (ISP) infrastructure providers on the West Coast of the United States and in China. Over 4,000 ISP-related IPs were explicitly targeted in this campaign.
Classification:
  • HashTags: #ISP #Cyberattack #CredentialBruteForce
  • Company: Various US and China ISPs
  • Target: ISPs
  • Attacker: Splunk Threat Research Team
  • Product: ISP Infrastructure
  • Feature: Brute-force
  • Malware: Info Stealers and Crypto Miners
  • Type: Hack
  • Severity: Major