
SELECT XMRig FROM SQLServer


TLP

TLP CLEAR

Author

David Deflache

Summary

The attack on the Microsoft SQL Server involved a series of sophisticated techniques employed by the adversaries. It began with the initial stage of reconnaissance, where the attackers sought to identify vulnerabilities and potential entry points. They then proceeded to exploit a known vulnerability in the server software, gaining unauthorized access. Once inside, they executed a privilege escalation technique to obtain higher privileges and control over the system. With elevated access, they deployed a backdoor, allowing them to maintain persistence and remotely control the compromised server. This attack showcased the attackers’ proficiency in reconnaissance, exploitation, privilege escalation, and persistence, underscoring the importance of robust security measures.


CATEGORY

Miner

References

https://thedfirreport.com/2022/07/11/select-xmrig-from-sqlserver/

MITRE ATT&CK