Israeli security researchers Liad Mordekovitz and Ophir Harpaz of the cybersecurity company Guardicore exposed a global cyberattack last week that hit 2,000 targets, Israel Hayom reported.
The hackers used breached servers as a base from which to attack additional targets, decentralizing the attack to make themselves harder to trace.
Servers breached in the attack used Microsoft’s SMB protocol. The attackers created a “backdoor” that allowed them to penetrate the servers repeatedly and sell the access on the dark web. According to some assessments, every compromised Windows server is worth hundreds of dollars, which adds up to a significant sum.
The purpose of the attack? To harness the servers to mine digital currency, install Trojan horses, and collect information. The hackers were also able to employ advanced methods of eradicating other hackers’ malware found on the servers so they could have exclusive “use” of them. The hackers also took care to delete their own files after use.
Guardicore released a tool to help identify which systems have been breached, along with advice on how to protect systems.