Network Security, Endpoint/Device Security, Malware

New vulnerabilities leveraged for Kinsing cryptojacking botnet expansion

The Kinsing cryptojacking operation, also known as H2Miner, has strengthened its botnet by leveraging new security vulnerabilities, reports The Hacker News.

Kinsing attacks rely on three kinds of infrastructure: servers for vulnerability scanning and exploitation, servers that stage payloads and scripts, and command-and-control servers, with the latter using IP addresses directed to Russia, according to a report from Aqua. Kinsing has also used different tools to target various operating systems, said researchers, who added that most of the apps targeted by the operation were open source.

Further analysis also revealed the different program categories leveraged by Kinsing, including Type I and Type II scripts for next-stage payload deployment, auxiliary scripts, and binaries.

"Kinsing targets Linux and Windows systems, often by exploiting vulnerabilities in web applications or misconfigurations such as Docker API and Kubernetes to run cryptominers. To prevent potential threats like Kinsing, proactive measures such as hardening workloads pre-deployment are crucial," said Aqua.
