How CrystalRay steals data using open-source software – Techzine Europe>
Tech Zine – Erik van Klinken
The Sysdig Threat Research Team (TRT) has identified a rapidly growing cybercriminal organization called CrystalRay, which extensively uses open-source software to target its victims
Since February, the group has increased the number of affected organizations tenfold to 1,500 worldwide, with the U.S. (30%) and China (18%) being the most affected
CrystalRay’s attack path is through Atlassian Confluence, using the penetration testing tool SSH-Snake to burrow deep into corporate networks
The group’s targeting is less precise than ransomware attacks or state-sponsored threat actors but more precise than botnets
Once a network is hit, CrystalRay uses ASN, an open-source tool, to find vulnerabilities without sending a packet to the victim
The group uses a combination of effective open-source tools, such as zmap for detecting vulnerable services and Nuclei for finding exploitable vulnerabilities
CrystalRay also deploys tools intended for security testing, such as Sliver, to exfiltrate sensitive data and move between servers
In addition to stealing credentials and installing cryptominers, CrystalRay sells access to its victims via the dark web and Telegram
The group also removes other cryptominers from compromised networks to eliminate competition
To combat these automated attacks, Sysdig recommends that organizations focus on patching vulnerabilities, gaining visibility into compromised systems through camera/runtime detection, and testing their own environments using open-source tools to identify and fix configuration errors and vulnerabilities before they can be exploited.
Link: https://www.techzine.eu/blogs/security/122182/how-crystalray-steals-data-using-open-source-software