Malicious crypto miners compromise academic data centers

Academic data centers across Europe, North America, and China suffered a string of attacks that may have been carried out to mine Monero.
Updated on
April 19, 2023
Published on
May 22, 2020
Subscribe to the latest industry news, threats and resources.

The Attack

  • In a possibly concerted string of attacks, malicious crypto miners target academic data centers across China, Europe, and North America, disrupting COVID-19 research.
  • EGI Computer Security Incident Response Team believes that the attacker moves from one victim to another using compromised SSH credentials, with intentions to mine Monero.
  • The targeted hosts are infected with malware and are altered to serve as:
    • XMR mining hosts (by running a hidden XMR binary)
    • XMR-proxy hosts; The attacker uses these hosts from the XMR mining hosts, to connect to other XMR-proxy hosts and eventually to the actual mining server.
    • SOCKS proxy hosts (running a microSOCKS instance on a high port) ; The attacker connects to these hosts via SSH, often from Tor. MicroSOCKS is used from Tor as well.
    • Tunnel hosts (SSH tunneling) ; The attacker connects via SSH (compromised account) and configure NAT PREROUTING (typically to access private IP spaces).

Get Global Threat Intelligence on Real Time

Protect your business from cyber threats with real-time global threat intelligence data.. 30-day free and No Commitment Trial.
Schedule a Demo
Real time Threat Intelligence Data
More information and context about Underground Chatter
On-Demand Research Services
Dashboard mockup
Global Threat Intelligence Feed

Protect and proceed with Actionable Intelligence

The Global Cyber Threat Intelligence Feed is an innovative platform that gathers information from various sources to help businesses and organizations stay ahead of potential cyber-attacks. This feed provides real-time updates on cyber threats, including malware, phishing scams, and other forms of cybercrime.
Trusted by 400+ Top organisations