Indonesia-based botnet network <a href="https://www.cryptoknowmics.com/news/lemon-duck-botnet-is-infecting-users-through-fake-covid-19-emails/">KashmirBlack</a> attacks popular content management systems (CMS) such as <a href="https://www.cryptoknowmics.com/news/contents-on-wordpress-can-now-be-timestamped-on-ethereum/">WordPress</a>, Drupal, Joomla among others. The botnet network intends to attack CMS platforms and use their servers for <a href="https://www.cryptoknowmics.com/news/guide-to-cryptocurrency-mining/">cryptocurrency mining</a> or sending spams to victims.
<h2><b>Member of PhantomGhost Hacker Group Behind The Botnet</b></h2>
U.S.-based cybersecurity firm Imperva <a href="https://www.imperva.com/blog/crimeops-of-the-kashmirblack-botnet-part-i/">uncovered</a> the highly sophisticated botnet. The botnet network is run by the hacker "Exect1337," a member of the Indonesian hacker crew PhantomGhost. Researchers were able to link the botnet to the particular Indonesian hacking group by tracing IP addresses used during a website defacement campaign earlier this year.

Ofir Shaty, Imperva security researcher and research co-author share his views saying:

“This is the first time we have been able to get visibility into how exactly a botnet like this operates; an important discovery that will help the industry better understand how these nefarious groups evolve and sustain their activity.”

According to the report, KashmirBlack started operating last year in November 2019 and has attacked thousands of websites including WordPress, Joomla, PrestaShop, Magento, Drupal, vBulletin, OsCommerce, OpenCart, and Yeager.

Researchers at Imperva says that it is also supported by 60 other compromised content management servers as part of its malicious infrastructure.
<h2><b>KashmirBlack Botnet Infected Around 700 CMS Platforms Everyday</b></h2>
The security researchers at Imperva have estimated that KashmirBlack has infected around 700 vulnerable content management system servers each day. This implies that the botnet alone has compromised around 230,000 servers yet.

Attackers of KashmirBlack use cloud services from platforms such as GitHub, Dropbox, and Pastebin to hide from security tools while sending out additional spams to the infected servers.

Moreover, KashmirBlack botnet is controlled by a single command-and-control server. In March, the botnet network added a crypto mining function, using XMRig malware to mine for Monero cryptocurrency. Security researchers at Imperva were able to uncover this by tracing this activity to a digital wallet.

KashmirBlack Botnet Hits at CMS for Cryptocurrency Mining

Indonesia-based botnet network KashmirBlack attacks popular content management systems (CMS) platforms to use their servers for cryptocurrency mining.

Jafrin is a cryptocurrency journalist/researcher fascinated by the world of decentralization. She is hopeful towards blockchain’s innovation and its potential to reshape the world for good. Currently, she is bringing out the best of cryptosphere via covering the latest ins and outs of the blockchain space.

KashmirBlack Botnet Hits at CMS for Cryptocurrency Mining

Top Picks