June 3, 2025
By esentry team

Threat Actor Spotlight: Inside the Bold Playbook of CRYPTOJACKERS OF INDIA

CRYPTOJACKERS OF INDIA is an emerging threat actor group operating out of India, notorious for targeting exposed FTP servers, VNC systems, and routers across nations like Malaysia, Bangladesh, Ukraine, Pakistan, and Nigeria. Claiming hacktivist motives through their Telegram channel, the group has reportedly breached critical infrastructure in multiple regions. They often leave behind digital calling cards such as pwned.txt and are known for publicly leaking stolen data to maximize impact. The name "CRYPTOJACKERS" isn't just branding; it hints at their suspected involvement in cryptocurrency mining campaigns, using compromised systems to covertly generate revenue.

Target Sectors: Rail Transportation, Electrical Equipment, Appliance, and Component Manufacturing, Public Administration, Administrative and Support and Waste Management and Remediation Services, Educational Services, Space Research and Technology, National Security and International Affairs, Telecommunications, Transportation and Warehousing

Indicators of Attack (IoA):

·      Exploitation of public-facing applications (e.g., FTP, VNC servers)

·      Deployment of cryptojacking malware to hijack system resources

·      Use of tools like Metasploit for exploitation

·      Credential harvesting techniques

·      Leaking stolen data through public platforms like Telegram

Latest Campaigns: Targeted attacks against Malaysian infrastructure, including FTP servers, with data leaks publicized through Telegram.

Related CVEs:

CVE-2011-2523

Mitigation Strategies

·      Enhanced Network Security: Implement robust security measures for FTP servers, VNC systems, and routers, including strong authentication, access control, and regular security updates.

·      Anti-Malware Protection: Deploy comprehensive anti-malware solutions to detect and prevent potential cryptojacking attacks.

·      Data Leak Monitoring: Monitor network traffic and systems for signs of data exfiltration and employ tools to detect potential data leaks.

·      Awareness and Training: Train employees in best practices for cybersecurity and how to recognize and report potential threats.
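
A triage sketch for your own FTP estate, tied to the pwned.txt calling card and to CVE-2011-2523 listed above. It is an added example, not esentry's tooling. It assumes that CVE-2011-2523 refers to the backdoored vsftpd 2.3.4 release (not stated on the page) and that banners have already been collected into a host-to-banner mapping; the function names, sample tree and banner inventory are constructed for illustration.

```python
import os
import re
import tempfile
from pathlib import Path

CALLING_CARD = "pwned.txt"  # file name reported on the page
# Assumption (not on the page): CVE-2011-2523 is the backdoored vsftpd 2.3.4.
VSFTPD_BANNER = re.compile(r"^220[ -].*vsFTPd\s+(\d+(?:\.\d+)+)", re.IGNORECASE)
BACKDOORED_VERSION = "2.3.4"


def find_calling_cards(root):
    """Return sorted relative paths under root named like the calling card (any case)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == CALLING_CARD:
                hits.append(str(Path(dirpath, name).relative_to(root)))
    return sorted(hits)


def flag_banners(inventory):
    """inventory maps host -> FTP greeting. Return hosts reporting vsftpd 2.3.4."""
    flagged = []
    for host, banner in inventory.items():
        match = VSFTPD_BANNER.match(banner.strip())
        if match and match.group(1) == BACKDOORED_VERSION:
            flagged.append(host)
    return sorted(flagged)


def build_sample_root(base):
    """Constructed FTP tree for the demo: one benign file, two calling cards."""
    for rel in ("pub/readme.txt", "pub/incoming/PWNED.txt", "pwned.txt"):
        path = Path(base, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text("constructed sample\n")
    return base


# Constructed banner inventory using RFC 5737 documentation addresses.
SAMPLE_BANNERS = {
    "192.0.2.10": "220 (vsFTPd 2.3.4)",
    "192.0.2.11": "220 (vsFTPd 3.0.5)",
    "192.0.2.12": "220 ProFTPD Server ready.",
}

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print("calling cards:", find_calling_cards(build_sample_root(tmp)))
    print("hosts reporting vsftpd 2.3.4:", flag_banners(SAMPLE_BANNERS))
```

A hit from either function is a lead for incident response rather than proof of compromise: a banner can be customized or hidden, so confirm the installed package version on the host as well.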