After months of worry, BlueKeep vulnerability is now being exploited in mass-hacking campaign

Security researchers have confirmed that hackers are breaking into unpatched Windows computers using the BlueKeep vulnerability to install money-making cryptocurrency-mining code.


British researcher Kevin Beaumont raised the alarm this weekend, after discovering that BlueKeep honeypots he had set up (to act as an early alarm that the vulnerability was being exploited) began to crash and reboot themselves.



I built a worldwide honeypot network to spot exploitation, which I called BluePot.


Since then it has been remarkably quiet. I’ve been keeping in contact with people at threat intelligence and anti-malware companies and, essentially, the protection built has been eerily quiet. That isn’t to say exploitation hasn’t happened — of course, advanced threat actors would absolutely look to leverage this — but there’s been a complete lack of data to suggest any kind of widespread exploitation.


That changed on October 23rd — one of the BlueKeep honeypots crashed and rebooted. Over the following weeks, all of the honeypots crashed and rebooted (except one in Australia) with increasing regularity.



Beaumont shared details of what had happened to his honeypots with Marcus Hutchins of Kryptos Logic, who determined that the attacks were using demo BlueKeep exploit code in an attempt to install a cryptominer onto unpatched Windows computers.


The good news is that the current attack appears to be flawed – crashing the computers it is attempting to infect rather than successfully installing the hackers’ code.


News first broke of the