Over 4,000 ISP IP addresses have been targeted in a large-scale brute-force attack campaign, aimed at deploying info stealers and cryptocurrency miners. The attack primarily targeted ISPs in China and the West Coast of the United States. It exploited weak credentials and involved tools such as Python and PowerShell for stealthy operations. The attackers used the compromised systems for data exfiltration and mining cryptocurrency using XMRig.
The attackers deployed stealer malware capable of capturing screenshots and stealing clipboard content, specifically targeting cryptocurrency wallet addresses. The stolen information was sent to a Telegram bot. Additionally, tools like Auto.exe and Masscan.exe were used for further exploitation, including brute-force attacks and scanning IP addresses for open ports.
The attackers deployed stealer malware capable of capturing screenshots and stealing clipboard content, specifically targeting cryptocurrency wallet addresses. The stolen information was sent to a Telegram bot. Additionally, tools like Auto.exe and Masscan.exe were used for further exploitation, including brute-force attacks and scanning IP addresses for open ports.
![[Image: MxgnhgZ.gif]](https://i.imgur.com/MxgnhgZ.gif)