Summary: A mass exploitation campaign targeting Internet service providers (ISPs) in China and on the U.S. West Coast has been reported, deploying information stealers and cryptocurrency miners on compromised hosts. The threat actors rely on scripting languages for their operations and gain initial access through brute-force attacks against weak credentials, with the attack traffic originating largely from Eastern European IP addresses. Key malicious activities include data exfiltration and the deployment of various binaries to maintain persistence and control within the compromised systems.
Affected: Internet service providers (ISPs) in China and the United States.
Key points:
- The exploitation campaign targets over 4,000 ISP-related IP addresses.
- Malware capabilities include information theft and cryptocurrency mining.
- Operations involve disabling security features and using scripting tools such as Python and PowerShell.
- The stealer malware captures screenshots and monitors clipboard content for cryptocurrency addresses.
- Exfiltrated data is sent to a Telegram bot, which also serves as the command-and-control channel.
- The Masscan tool is used to scan IP addresses and carry out the brute-force attacks.
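As an added defender-side example (not code from the article, and not the campaign's own tooling), the following Python script turns two of the behaviours listed above into simple detections run over constructed sample logs: it flags a source address that makes a burst of failed SSH logins (the brute-force pattern) and records whether a successful login from that address followed, and it flags outbound calls to the Telegram Bot API from a server segment (the exfiltration and control channel). The log formats, the threshold and window, the IP addresses and the masked bot token are all assumptions or constructed sample values, not indicators from the article.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed OpenSSH auth.log lines (sample data, not from the article).
AUTH_LOG = """\
Mar  4 10:15:01 edge1 sshd[2201]: Failed password for root from 203.0.113.7 port 51000 ssh2
Mar  4 10:15:02 edge1 sshd[2202]: Failed password for admin from 203.0.113.7 port 51001 ssh2
Mar  4 10:15:02 edge1 sshd[2203]: Failed password for invalid user test from 203.0.113.7 port 51002 ssh2
Mar  4 10:15:03 edge1 sshd[2204]: Failed password for root from 203.0.113.7 port 51003 ssh2
Mar  4 10:15:04 edge1 sshd[2205]: Failed password for ubuntu from 203.0.113.7 port 51004 ssh2
Mar  4 10:15:05 edge1 sshd[2206]: Accepted password for root from 203.0.113.7 port 51005 ssh2
Mar  4 10:20:11 edge1 sshd[2300]: Failed password for alice from 198.51.100.9 port 40000 ssh2
Mar  4 10:21:40 edge1 sshd[2301]: Accepted publickey for alice from 198.51.100.9 port 40001 ssh2
"""

# Constructed outbound web-proxy lines from a server segment (assumed format):
# time, source host, HTTP method, URL, status, bytes sent. The bot token is masked.
PROXY_LOG = """\
2025-03-04T10:16:00Z 10.0.0.5 POST https://api.telegram.org/botREDACTED_TOKEN/sendDocument 200 1048576
2025-03-04T10:16:05Z 10.0.0.5 POST https://api.telegram.org/botREDACTED_TOKEN/sendMessage 200 512
2025-03-04T10:17:00Z 10.0.0.8 GET https://repo.example.net/updates/index.json 200 2048
"""

SYSLOG_TS = "%b %d %H:%M:%S"  # syslog timestamps carry no year; deltas still work
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)
ACCEPT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Accepted \w+ for "
    r"(?P<user>\S+) from (?P<ip>[\d.]+)"
)


def _ts(s):
    return datetime.strptime(s, SYSLOG_TS)


def detect_brute_force(log_text, threshold=5, window_seconds=60):
    """One finding per source IP with `threshold` failed logins inside `window_seconds`.

    The finding lists the distinct usernames tried (password spraying shows up as
    many users from one source) and whether a successful login from the same
    source followed the burst, which is the case that needs immediate response.
    """
    failures = defaultdict(list)   # ip -> [(timestamp, username)]
    successes = defaultdict(list)  # ip -> [timestamp]
    for line in log_text.splitlines():
        if m := FAILED_RE.match(line):
            failures[m["ip"]].append((_ts(m["ts"]), m["user"]))
        elif m := ACCEPT_RE.match(line):
            successes[m["ip"]].append(_ts(m["ts"]))

    findings = []
    for ip, events in failures.items():
        events.sort()
        # Slide a window of `threshold` consecutive failures over the sorted events.
        for i in range(len(events) - threshold + 1):
            first, last = events[i][0], events[i + threshold - 1][0]
            if (last - first).total_seconds() <= window_seconds:
                findings.append({
                    "ip": ip,
                    "failures": len(events),
                    "users": sorted({u for _, u in events}),
                    "success_after": any(t >= last for t in successes[ip]),
                })
                break
    return findings


# Telegram Bot API calls look like https://api.telegram.org/bot<token>/<method>.
TELEGRAM_BOT_RE = re.compile(r"https?://api\.telegram\.org/bot[^/\s]+/(?P<method>\w+)")


def detect_telegram_beacons(log_text):
    """Flag outbound Bot API calls from hosts that have no business talking to Telegram."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 6:
            continue
        ts, src, _http_method, url, _status, sent = parts[:6]
        if m := TELEGRAM_BOT_RE.search(url):
            findings.append({"time": ts, "src": src,
                             "api_method": m["method"], "bytes_out": int(sent)})
    return findings


if __name__ == "__main__":
    for f in detect_brute_force(AUTH_LOG):
        print("brute force:", f)
    for f in detect_telegram_beacons(PROXY_LOG):
        print("telegram beacon:", f)
```

On the sample data the first detector reports a single source that tried four usernames in five attempts within a few seconds and then logged in successfully, while the lone failure from the second address is ignored; the second detector reports the two Bot API calls (a large `sendDocument` upload and a `sendMessage`) and leaves the ordinary repository fetch alone. In production the same logic would run over the real auth and proxy feeds, with the threshold tuned to the environment's normal failure rate.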
Source: https://thehackernews.com/2025/03/over-4000-isp-networks-targeted-in.html