According to Hacker News, more than 2,000 Microsoft SQL database servers have been compromised by cryptojackers with the 'Volgar' botnet that has been up and running since 2018.
Monero and Vollar
The hackers behind this operation were able to infect up to 3,000 servers over the last few weeks. They use brute-force password-guessing attacks to create backdoor users and execute malicious commands.
Their possible victims span a myriad of industries -- from healthcare to telecommunication.
With the help of infected servers, the attackers were able to mine Monero (XMR) and a little-known altcoin called Vollar (the botnet itself was named after this cryptocurrency).
A new source of monetization
The machines that run MS-SQL databases are an attractive target for hackers. On top of storing valuable personal information, they also boast powerful CPUs, which is particularly valuable for those bad actors who rely on cryptojacking for monetization.
As reported to U.Today, the Stantinko botnet recently added new obfuscating techniques for illegal cryptocurrency mining.