In a concerning development on the cybersecurity front, unknown threat actors have set their sights on inadequately protected Microsoft SQL servers, launching a campaign to infect them with a novel strain of ransomware. A recent report by cybersecurity experts at Securonix sheds light on this worrisome trend, revealing the tactics employed by hackers in this latest assault.
The campaign begins with hackers attempting to gain unauthorized access to MS SQL servers through brute-force attacks. Once they breach the defenses, a sequence of actions unfolds, starting with the deployment of a Cobalt Strike beacon. This is followed by lateral movement through the target network and endpoints, culminating in the deployment of a ransomware variant known as FreeWorld.