Guardicore’s Threat Intelligence Firewall identifies and blocks incoming and outgoing connections to known malicious IPs, limiting the network attack surface and eliminating attacker activity before it reaches critical assets in the data center.
About Mor Matalon
Mor is a senior cyber security analyst at Guardicore, where she is responsible for apprehending and researching the latest threats facing data centers and clouds. Mor holds a BSc in Mathematics and The History of The Middle East. Prior to Guardicore, she served as a captain in the Israel Defense Forces (IDF).
Guardicore Labs has uncovered a previously unknown operation named Prowli, focused on cryptocurrency mining and traffic hijacking. This operation showcases how attackers abuse insecure websites and their visitors by redirecting them to malicious domains.
In the last few months, GuardiCore Labs has been investigating multiple attack campaigns conducted by an established Chinese crime group that operates worldwide. The campaigns are launched from a large coordinated infrastructure and mostly target servers running database services. By now we have been able to identify three attack variants – Hex, Hanako and Taylor – targeting different SQL Servers, each with its own goals, scale and target services. This report covers the attackers’ infrastructure, attack variants and how the victims are used for both profit and further propagation.