Turkish Hackers Exploiting Poorly Secured MS SQL Servers Across the Globe – RedPacket Security>
Red Packet Security – @RedPacketSec
Turkish hackers are targeting poorly secured MS SQL servers globally in a financially motivated campaign.
The threat campaign, named RE#TURGENCE, involves initial brute-force attacks and the use of xp_cmdshell to run shell commands, similar to a previous campaign, DB#JAMMER.
The attack involves deploying ransomware and includes the use of legitimate tools like AnyDesk and PsExec for lateral movement.
Securonix uncovered a blunder that revealed the hackers’ Turkish origins and online aliases.
The researchers warned against exposing critical servers directly to the internet and emphasized the importance of taking appropriate security measures.
Link: https://www.redpacketsecurity.com/turkish-hackers-exploiting-poorly-secured-ms-sql-servers-across-the-globe/