
Just a sample of the Echomail archive

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

   CONSPRCY      How big is your tinfoil hat?      2,445 messages   


   Message 1,107 of 2,445   
   Mike Powell to All   
   Thousands of PostgreSQL s   
   02 Apr 25 11:08:00   
   
   TZUTC: -0500   
   MSGID: 834.consprcy@1:2320/105 2c529b94   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   Thousands of PostgreSQL servers are being hijacked to mine crypto   
      
   Date:   
   Wed, 02 Apr 2025 15:03:00 +0000   
      
   Description:   
   Hackers are hunting for misconfigured servers and those with weak passwords.   
      
   FULL STORY   
      
   Hackers are targeting misconfigured and publicly exposed PostgreSQL servers   
   with cryptocurrency miners, rendering them practically unusable as they rake   
   up the electricity bill for the victims, researchers have warned.    
      
   Wiz Threat Research experts said the new attack was actually a variant of an   
   already observed, ongoing campaign, as the threat actors (which they call   
   JINX-0126) are targeting PostgreSQL instances configured with weak and   
   guessable login credentials. Once they find them and log in, they deploy the   
   XMRig-C3 cryptominer.
      
   XMRig is a hugely popular cryptominer, since it mines the Monero   
   cryptocurrency, which is generally a lot more difficult to trace, compared to   
   Bitcoin, or other mineable currencies.    
      
   Mining Monero    
      
   A cryptocurrency miner uses up almost all of the device's compute power,
   rendering it useless for pretty much anything else. This also means increased   
   electricity consumption, which results in an inflated bill at the end of the   
   month.    
      
   Cybercriminals, on the other hand, get Monero sent directly into their   
   wallets, which they can sell on the open market for US dollars, or any other   
   cryptocurrency. In many cases, the money gets spent on other malicious   
   campaigns.    
      
   Wiz says that the campaign was first documented by researchers from Aqua   
   Security, but it has since evolved.    
      
   The threat actors have allegedly implemented additional defense mechanisms    
   and are deploying the miner filelessly in order to evade being spotted.    
      
   The researchers found that the threat actor assigned a unique mining worker    
   to each victim, making it relatively easy to determine how many devices were   
   likely compromised. Based on their analysis, the campaign likely impacted    
   more than 1,500 devices.    
      
   "This suggests that misconfigured PostgreSQL instances are highly common,
   providing a low-hanging fruit entry point for opportunistic threat actors to
   exploit," they said.
      
   "Furthermore, our data shows that nearly 90% of cloud environments self-host
   PostgreSQL instances, of which a third have at least one instance that is
   publicly exposed to the internet."
      
    Via The Hacker News   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/thousands-of-postgresql-servers-are-being-hijacked-to-mine-crypto
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426   
      



(c) 1994,  bbs@darkrealms.ca