Elasticsearch servers exposed on the internet from May 11 until May 22. Researchers from Comparitech exposed the Elasticsearch server for the first time. The first one attack occurred less than 12 hours after being exposed. Most of the attacks originated from the U.S. (89), Romania (38), and China (15), according to the study. Many actors were looking to mine for cryptocurrency by exploiting an old vulnerability (CVE-2015-5531 – directory traversal) to get to the server s /etc/passwd file.
Source: https://www.bleepingcomputer.com/news/security/hackers-are-quick-to-notice-exposed-elasticsearch-servers/