An organized group of cybercriminals is currently targeting database services in a new botnet build-up that’s being leveraged for cryptocurrency mining, among other more traditional botnet attack patterns. Discovered by researchers with GuardiCore Labs, the so-called Hex-Men attacks have been slowly evolving since March and remain ongoing.
The researchers say there are three main variants – Hex, Hanako, and Taylor – each of which targets different SQL servers and has its own goals and scale. Based on the evidence they've gathered, the attackers appear to be based in China, with a heavy emphasis on Chinese victims but also plenty of targets in Thailand, the US, Japan, and elsewhere around the globe.
Read more about the Hex-Men attacks on DarkReading.