Blog | G5 Cyber Security

Lemon_Duck PowerShell malware cryptojacks enterprise networks

SophosLabs are monitoring a spike in crypto mining attacks that spread quickly across enterprise networks. These attacks use a variety of malicious scripts that, eventually, turn an enterprises large pool of CPU resources into efficient cryptocurrency mining slaves. The threat actor has begun to employ the use of EternalBlue exploits to propagate laterally to other machines in the same network. Most of the offensive modules used in this script are sourced from open source repositories; the malicious scripts maintain their persistence on infected Windows machines using Scheduled Tasks.”]

Source: https://news.sophos.com/en-us/2019/10/01/lemon_duck-powershell-malware-cryptojacks-enterprise-networks/

Exit mobile version