#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Insider Risk Management

MS SQL | Breaking Cybersecurity News | The Hacker News

Turkish Hackers Exploiting Poorly Secured MS SQL Servers Across the Globe

Turkish Hackers Exploiting Poorly Secured MS SQL Servers Across the Globe

Jan 09, 2024 Data Security / Cyber Attack
Poorly secured Microsoft SQL (MS SQL) servers are being targeted in the U.S., European Union, and Latin American (LATAM) regions as part of an ongoing financially motivated campaign to gain initial access. "The analyzed threat campaign appears to end in one of two ways, either the selling of 'access' to the compromised host, or the ultimate delivery of ransomware payloads," Securonix researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov said in a technical report shared with The Hacker News. The campaign, linked to actors of Turkish origin, has been codenamed  RE#TURGENCE  by the cybersecurity firm. Initial access to the servers entails conducting brute-force attacks, followed by the use of  xp_cmdshell configuration option  to run shell commands on the compromised host. This activity mirrors that of a prior campaign dubbed  DB#JAMMER  that came to light in September 2023. This stage paves the way for the retrieval of a PowerShell script from a remote server that's responsible f
CLR SqlShell Malware Targets MS SQL Servers for Crypto Mining and Ransomware

CLR SqlShell Malware Targets MS SQL Servers for Crypto Mining and Ransomware

May 15, 2023 Data Security / Cryptocurrency
Poorly managed Microsoft SQL (MS SQL) servers are the target of a new campaign that's designed to propagate a category of malware called  CLR SqlShell  that ultimately facilitates the deployment of cryptocurrency miners and ransomware. "Similar to web shell, which can be installed on web servers, SqlShell is a malware strain that supports various features after being installed on an MS SQL server, such as executing commands from threat actors and carrying out all sorts of malicious behavior," AhnLab Security Emergency response Center (ASEC)  said  in a report published last week. A stored procedure is a subroutine that contains a set of Structured Query Language (SQL) statements for use across multiple programs in a relational database management system (RDBMS). CLR (short for common language runtime) stored procedures – available in SQL Server 2005 and later – refer to  stored procedures  that are written in a .NET language such as C# or Visual Basic. The attack me
Cybersecurity
Expert Insights
Cybersecurity Resources