Guardicore Labs has uncovered a previously unknown operation named Prowli, focused on cryptocurrency mining and traffic hijacking. This operation showcases how attackers abuses insecure websites and their visitors by redirecting them to malicious domains.
About Mor Matalon
Mor is a senior cyber security analyst at Guardicore where she is responsible for apprehend and research the latest threats facing data centers and clouds. Mor holds BSc in Mathematics and The History of The Middle East. Prior to Guardicore, she served as a captain in the Israel Defense Forces (IDF).
Entries by Mor Matalon
In the last few months GuardiCore Labs has been investigating multiple attack campaigns conducted by an established Chinese crime group that operates worldwide. The campaigns are launched from a large coordinated infrastructure and are mostly targeting servers running database services. By now we were able to identify three attack variants – Hex, Hanako and Taylor – targeting different SQL Servers, each with its own goals, scale and target services. This report covers the attackers’ infrastructure, attack variants and how the victims are used for both profit and further propagation.