Cryptojacking Spree: Targeting Washington State Educational Institutions

Cryptojacking Spree: Targeting Washington State Educational Institutions

According to a new advisory released by Palo Alto Network's Unit 42 team, recently, cryptojacking incidents have taken place against educational institutions in Washington State. Threat actors are targeting educational institutions in the United States intending to compromise their networks and mine cryptocurrency covertly. 

Otherwise known as cryptojacking attacks, this is a form of cyberattack in which attackers use deception tactics to install cryptocurrency mining components that leech off of computational power without being noticed or detected. 

On February 16, cybersecurity researchers discovered the first attack, which consisted of a malicious HTTP request sent to a domain owned by an educational institution. Security teams initially mistook it for a trivial command injection flaw, but it turned out to be a command for a web shell backdoor that attackers used to gain access to the institution's network. 

In this form of attack, attackers use various types of miner software to try to generate cryptocurrencies such as Monero, Litecoin, Bitcoin, and Ethereum. Attackers typically compromise a large number of systems to make the attacks lucrative and bring in more cryptocurrency. 

The researchers say that a UPX-packed cpuminer -- used to mine LTC and BTC -- has been delivered by way of malicious traffic. 

If deployment is successful, the backdoor is then able to call and execute the crypto mining payload. Besides, the malware will download a mini shell that pretends to be a wp-load.php file. "Since the mini shell is not moved elsewhere, we speculate that the current directory of the mini shell, as well as the backdoor, is a web directory exposed to the internet," the report states. 

Cryptocurrency mined ..