Like every other industry, the cryptocurrency and blockchain sector has its share of attackers who work constantly to break into networks and steal customers' assets.
A cybersecurity firm has now disclosed a notorious group responsible for a series of cryptocurrency-mining malware attacks, run systematically against businesses around the globe.
Monero, reputedly the currency of choice for crypto-mining malware operations, has been mined to the tune of nearly $100,000 by the group's malicious software. Cisco Talos Intelligence Group, the team that first identified the group last summer, named it "Panda."
In a report released on Tuesday, Talos said Panda combines remote access tools (RATs) with crypto-mining malware, exploiting vulnerable web applications to gain a foothold in corporate networks around the world. Once a RAT is in place, the organization's network is exposed to the group, which uses it to mine cryptocurrency or steal user information.
The Talos team stated:
This is far from the most sophisticated actor we’ve ever seen, but it still has been one of the most active attackers we’ve seen in Cisco Talos threat trap data.
The group has repeatedly shown that it can update its core tooling as soon as that tooling is discovered, in something of an arms race with security researchers.
Cisco Talos Intelligence Group stated that Panda uses exploits first leaked by the Shadow Brokers, together with Mimikatz. The Shadow Brokers is the infamous group that published hacking tools stolen from the U.S. National Security Agency; Mimikatz is a widely abused open-source tool that extracts passwords and other credentials from the memory of Windows systems.
Talos said it has tracked "successful" and "widespread" malware campaigns attributed to Panda since first identifying the group in 2018. Over that time, Panda has upgraded its infrastructure, exploits, and payloads.
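As an added example, not part of the original article or of the Talos report, the following Python scans process-creation log lines for the two tool families the article names: a Monero miner and Mimikatz. The command-line indicators are generic, publicly documented strings for the XMRig miner family (the stratum pool URL scheme, the `--donate-level` flag, the RandomX algorithm selector) and for Mimikatz module invocations; they are assumptions for this example, not indicators published for Panda. The log format and the sample lines are constructed for the demonstration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Generic indicators (assumed for this example; not Panda-specific IOCs).
MINER_PATTERNS = {
    "stratum pool url": re.compile(r"stratum\+(?:tcp|ssl)://", re.I),
    "xmrig donate flag": re.compile(r"--donate-level", re.I),
    "xmrig binary": re.compile(r"\bxmrig(?:\.exe)?\b", re.I),
    "monero/randomx algo": re.compile(r"(?:--algo[= ]|-a )\s*(?:rx/0|randomx|cn/)", re.I),
}
MIMIKATZ_PATTERNS = {
    "mimikatz module call": re.compile(r"\b(?:sekurlsa|lsadump|privilege|kerberos)::\w+", re.I),
    "mimikatz binary": re.compile(r"\bmimikatz(?:\.exe)?\b", re.I),
}
RULES = {"cryptominer": MINER_PATTERNS, "credential-dumper": MIMIKATZ_PATTERNS}


@dataclass
class Record:
    timestamp: str
    host: str
    user: str
    image: str
    cmdline: str


@dataclass
class Finding:
    timestamp: str
    host: str
    user: str
    category: str
    indicators: tuple
    cmdline: str


def parse_line(raw: str) -> Optional[Record]:
    """Parse a constructed 'timestamp|host|user|image|cmdline' line; None if malformed."""
    parts = raw.rstrip("\n").split("|", 4)
    if len(parts) != 5:
        return None
    return Record(*parts)


def scan_log(lines) -> list:
    """Return one Finding per (record, category) whose command line matches any indicator."""
    findings = []
    for raw in lines:
        rec = parse_line(raw)
        if rec is None:
            continue
        for category, patterns in RULES.items():
            hits = tuple(name for name, rx in patterns.items() if rx.search(rec.cmdline))
            if hits:
                findings.append(Finding(rec.timestamp, rec.host, rec.user, category, hits, rec.cmdline))
    return findings


# Constructed sample log. Note the miner binary has been renamed, so detection
# rests on its arguments rather than on the file name; the wallet is a placeholder.
SAMPLE_LOG = [
    "2019-09-17T10:01:02Z|web01|IIS APPPOOL\\site|C:\\Windows\\Temp\\sysupdate.exe|"
    "sysupdate.exe -o stratum+tcp://pool.example:3333 -u 4AxxxxWALLETxxxx --donate-level 1 -a rx/0",
    "2019-09-17T10:02:15Z|web01|NT AUTHORITY\\SYSTEM|C:\\Windows\\Temp\\m.exe|"
    "m.exe \"privilege::debug\" \"sekurlsa::logonpasswords\" exit",
    "2019-09-17T10:03:00Z|fs02|CORP\\alice|C:\\Program Files\\Mozilla Firefox\\firefox.exe|"
    "firefox.exe https://intranet.example/",
    "2019-09-17T10:04:00Z|fs02|CORP\\bob|C:\\Windows\\System32\\cmd.exe|cmd.exe /c ping 10.0.0.5",
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f.timestamp} {f.host} [{f.category}] {', '.join(f.indicators)}: {f.cmdline}")
```

The point of matching on arguments rather than file names is visible in the first sample line: a miner dropped under a benign-looking name still has to tell the pool which protocol and algorithm it is using, and those strings are far harder for an operator to remove than a file name is to change.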
The researchers said:
We believe Panda is a legitimate threat capable of spreading cryptocurrency miners that can use up valuable computing resources and slow down networks and systems. Talos confirmed that organizations in the banking, healthcare, transportation, telecommunications, and IT services industries were affected in these campaigns.
Talos also warned the financial sector about Panda:
System administrators and researchers should never underestimate the damage an actor can do with widely available tools such as Mimikatz.
Talos estimates that Panda has mined roughly 1,215 monero (XMR) since it began operating, worth about $91,000 at press time.