Turkish Cyber Threat Targets MSSQL Servers With Mimic Ransomware

A sophisticated attack campaign codenamed RE#TURGENCE by researchers has been discovered infiltrating Microsoft SQL database servers across the United States, European Union, and Latin America, with the primary aim of deploying Mimic ransomware payloads.
The modus operandi of RE#TURGENCE also culminates in another potential outcome: the illicit sale of access to the compromised servers, according to a Securonix report, out today, detailing the threat.
Researchers there noted that the malicious actors, based in Turkey, thus appear to be financially motivated.
Beyond that, the nature of the attackers is unknown; Securonix's dedicated Threat Research team was able to glean critical insights into the current spate of attacks only after a significant operational security lapse by the group.
That breach revealed extensive communications, negotiation tactics, compromised passwords, and a treasure trove of invaluable intelligence, researchers said.
Anatomy of Mimic Ransomware Attacks on MSSQL Servers Microsoft's proprietary relational database is a popular target among cyberattackers given its mission-critical nature, and wide deployment across a number of sectors, including enterprises, critical infrastructure, and government.
Securonix was able to determine that in the latest offensive against the attack surface, the RE#TURGENCE campaign, the assailants zero in on MSSQL servers by exploiting known critical vulnerabilities in the platform; they then utilize the enabled xp cmdshell function inherent in these servers, which enables administrative capabilities.
By exploiting this foothold, threat actors are able to execute malicious code on the targeted host, further facilitating their unrestricted access; the attackers can then immediately pivot to system enumeration, employing shell commands to dismantle existing defenses, according to Securonix.
The threat actors then deploy a suite of tools to entrench their presence on the compromised server, ensuring persistence and control, and then move within the network, leveraging Mimikatz and Advanced Port Scanner data.
Avoiding MSSQL Database Compromise MSSQL databases are often misconfigured, which also contributes to their popularity amongst cybercriminals.
A July 2023 report from Palo Alto's Unit 42 revealed a staggering 174% increase in malicious attacks targeting vulnerable SQL servers compared to the previous year.
To protect themselves, organizations should first make sure basic configurations are secure and, if possible, the databases should not be enabled on publicly exposed servers.
The firm's report also recommended enabling process-level logging on endpoints and servers for enhanced telemetry for both detections and threat hunting.
Kolesnikov explained the RE#TURGENCE threat campaign differs from that and other previous MSSQL database server-targeting attacks, however.


This Cyber News was published on www.darkreading.com. Publication date: Tue, 09 Jan 2024 18:45:04 +0000


Cyber News related to Turkish Cyber Threat Targets MSSQL Servers With Mimic Ransomware

Turkish Cyber Threat Targets MSSQL Servers With Mimic Ransomware - A sophisticated attack campaign codenamed RE#TURGENCE by researchers has been discovered infiltrating Microsoft SQL database servers across the United States, European Union, and Latin America, with the primary aim of deploying Mimic ransomware ...
10 months ago Darkreading.com
Hackers target Microsoft SQL servers in Mimic ransomware attacks - A group of financially motivated Turkish hackers targets Microsoft SQL servers worldwide to encrypt the victims' files with Mimic ransomware. These ongoing attacks are tracked as RE#TURGENCE and have been directed at targets in the European Union, ...
10 months ago Bleepingcomputer.com
Targeting homeowners' data - As these companies obtain a large amount of sensitive information from their customers, they become attractive targets for ransomware gangs to conduct double-extortion attacks. Finland is also warning of Akira ransomware increasingly targeting ...
10 months ago Bleepingcomputer.com
Fighting ransomware: A guide to getting the right cybersecurity insurance - While the cybersecurity risk insurance market has been around for more than 20 years, the rapidly changing nature of attacks and the rise in the ransomware epidemic has markedly changed the nature of cyber insurance in recent years. It's more ...
10 months ago Scmagazine.com
Enabling Threat-Informed Cybersecurity: Evolving CISA's Approach to Cyber Threat Information Sharing - One of CISA's most important and enduring roles is providing timely and actionable cybersecurity information to our partners across the country. Nearly a decade ago, CISA stood up our Automated Indicator Sharing, or AIS, program to widely exchange ...
11 months ago Cisa.gov
Cyber Insurance: A Smart Investment to Protect Your Business from Cyber Threats in 2023 - Don't wait until it's too late - get cyber insurance today and secure your business for tomorrow. According to the U.S. Federal Trade Commission, cyber insurance is a particular type of insurance that helps businesses mitigate financial losses ...
9 months ago Cyberdefensemagazine.com
New Mimic Ransomware Abuses Windows Search Tool to Attack Victims - A new ransomware threat has been discovered that abuses the Windows Search Tool to locate and encrypt sensitive data. Dubbed Mimic, the ransomware was identified by malware researchers at Force Point Security Defense. Mimic encrypts a victim’s ...
1 year ago Bleepingcomputer.com
Cyber Insurance for Businesses: Navigating Coverage - To mitigate these risks, many businesses opt for cyber insurance. With the wide range of policies available, navigating the world of cyber insurance can be overwhelming. In this article, we will delve into the complexities of cyber insurance and ...
9 months ago Securityzap.com
What Is Cyber Threat Hunting? - Cyber threat hunting involves proactively searching for threats on an organization's network that are unknown to traditional cybersecurity solutions. A recent report from Armis found that cyber attack attempts increased by 104% in 2023, underscoring ...
9 months ago Techrepublic.com
Three Key Threats Fueling the Future of Cyber Attacks - Improvements in cyber security and business continuity are helping to combat encryption-based ransomware attacks, yet the cyber threat landscape is continually evolving. Protecting an organization against intrusion remains a cat and mouse game, in ...
7 months ago Cyberdefensemagazine.com
What CIRCIA Means for Critical Infrastructure Providers and How Breach and Attack Simulation Can Help - Cyber Defense Magazine - To prepare themselves for future attacks, organizations can utilize BAS to simulate real-world attacks against their security ecosystem, recreating attack scenarios specific to their critical infrastructure sector and function within that sector, ...
1 month ago Cyberdefensemagazine.com
Cyber Insights 2023: The Geopolitical Effect - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. The Russia/Ukraine war that started in early 2022 has been mirrored by a ...
1 year ago Securityweek.com
Medusa Ransomware Turning Your Files into Stone - Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. The Unit 42 ...
10 months ago Unit42.paloaltonetworks.com
Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
1 year ago Heimdalsecurity.com
Ransomware wiping out data on tape backups and malware hitting MYSQL Servers - Finland's National Cyber Security Centre has issued a warning concerning a new wave of cyber threats, with hackers now deploying ransomware on Network Attached Storage appliances and tape storage media, aiming to obliterate stored information. The ...
10 months ago Cybersecurity-insiders.com
Companies Must Strengthen Cyber Defense in Face of Shifting Threat Actor Strategies - Critical for organizations to understand attackers' tactics, techniques, and procedures. The 2023 mid-year cyber threat report card portends an ominous outlook with staggering data including the fact that 332 million cryptojacking attacks were ...
11 months ago Cyberdefensemagazine.com
SQL Brute Force leads to Bluesky Ransomware - In December 2022, we observed an intrusion on a public-facing MSSQL Server, which resulted in BlueSky ransomware. First discovered in June 2022, BlueSky ransomware has code links to Conti and Babuk ransomware. While other reports point to malware ...
11 months ago Thedfirreport.com
Wargames director Jackie Schneider on why cyber is one of 'the most interesting scholarly puzzles' - In other games, we had people from Silicon Valley who were leading AI companies or cyber companies. What we found is those who had expertise in cyber operations were more likely to be more nuanced about how they used the cyber capability. On a larger ...
5 months ago Therecord.media
Ransomware trends and recovery strategies companies should know - Ransomware attacks can have severe consequences, causing financial losses, reputational damage, and operational disruptions. The methods used to deliver ransomware vary, including phishing emails, malicious websites, and exploiting vulnerabilities in ...
11 months ago Helpnetsecurity.com
Top 7 Cyber Threat Hunting Tools for 2024 - Cyber threat hunting is a proactive security measure taken to detect and neutralize potential threats on a network before they cause significant damage. To seek out this type of threat, security professionals use cyber threat-hunting tools. With ...
9 months ago Techrepublic.com
Does Pentesting Actually Save You Money On Cyber Insurance Premiums? - Way back in the cyber dark ages of the early 1990s as many households were buying their first candy-colored Macintoshes and using them to play Oregon Trail and visit AOL chat rooms, many businesses started venturing into the digital realm as well by ...
11 months ago Securityboulevard.com
The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
10 months ago Securityboulevard.com
Ransomware Roundup - The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants. This edition of the Ransomware Roundup covers the 8base ransomware. 8base ...
10 months ago Feeds.fortinet.com
Ransomware Roundup - On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with brief insights into the ...
8 months ago Feeds.fortinet.com
Hackers Exploiting Poorly Unsecured MS SQL Servers - An ongoing threat campaign dubbed RE#TURGENCE has been observed, which involves targeting MS SQL servers in an attempt to deliver a MIMIC ransomware payload. Turkish threat actors with financial motivations seem to be aiming after the US, EU, and ...
10 months ago Cybersecuritynews.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)