Monero Miner attacked Russian oil pipeline operator Transneft

by Alice Woods - - 2017-12-18

Russian oil pipeline operator suffered from Monero Miner attack

Monero Miner attacked Russian pipeline operator Transneft

Monero Miner^[1] hit Russian oil pipeline operator Transneft. The company reported about the attack on Friday, the 15th of December. According to Reuters,^[2] cryptocurrency miner was downloaded automatically by one of the company’s computers and later deleted. However, systems were fixed to avoid similar attacks in the future by disabling downloads in Transneft’s computers.

The recent information about the attack allows making assumptions that attackers used corporate hardware to mine cryptocurrency. Miner may have affected and diminished productivity of the processing capacity. However, the specific damage is unknown.

If the attackers are found, they might have to spend up to six years in Russian prison for hacking corporate servers. However, it is expected that this time might be extended up to 10 years.

Monero cryptocurrency mining might become a bigger problem

Recently, researchers spotted a new campaign that uses NSA exploits to install Monero mining malware on Linux and Windows Servers. According to F5 report,^[3] a new campaign called “Zealot” targets internal networks by using EternalBlue and EternalSynergy exploits.

Zealot campaign uses a multi-stage attack to install malware on the system and hacks servers by exploiting CVE-2017-5638 and CVE-2017-9822 vulnerabilities. The sophisticated functionality also uses PowerShell agent to perform malicious tasks on Windows. Meanwhile, for Linux, it uses a Python agent.

Cyber criminals have already made at least $8,500 worth of Monero. However, the advanced structure and functionality allow an attacker to modify malware and change its current purpose to ransomware installer.

Monero becomes popular cryptocurrency among criminals

There’s no doubt that Bitcoins are the most popular cryptocurrency. However, it seems that Monero becomes more and more attractive to criminals due to its high anonymity. According to the Check Point Software, CoinHive Monero miner was the sixth most popular malware since October 2017.^[4]

Among most popular attacks were held against Windows web servers. Criminals used the legitimate open source Monero mining software and altered it in order to exploit the CVE-2017-7269 vulnerability to install malware on unpatched servers.^[5] Criminals managed to make more than $63,000 worth of Monero in only three months

The torrent website The Pirate Bay also tried to use visitor’s CPU to mine this virtual currency in order to get profit and replace traditional ads on their site. However, one of the recent cases of Monero mining was held using Starbucks free Wi-Fi in Buenos Aires. The latter issue seems to be solved.^[6]

About the author

Alice Woods - Likes to teach users about virus prevention

Alice Woods is the News Editor at 2-spyware. She has been sharing her knowledge and research data with 2spyware readers since 2014.

Contact Alice Woods
About the company Esolutions

References

^ Lucia Danes. Monero Miner. How to remove? (Uninstall guide). 2-spyware. Security and spyware news.
^ Olga Yagova. Transneft says its computers were used for mining cryptocurrency. Reuters. The latest news.
^ Maxim Zavodchik, Liron Segal. Zealot: New apache struts campaign uses EternalBlue and EternalSynergy to mine Monero on Internal Networks. F5 Labs. Application threat intelligence.
^ Rachael Odhiambo. Monero Miner CoinHive Has Become 6th Most Popular Malware in Circulation. BitcoinAfrica. Africa's Blockchain news publication.
^ Swati Khandelwal. Hackers Exploiting Microsoft Servers to Mine Monero - Makes $63,000 In 3 Months. The Hacker News. Cyber security and hacking news.
^ Starbucks’ Wi-Fi Found Using People’s Laptops to Mine Monero. CNN. News website.