Attack campaign hits thousands of MS-SQL servers for two years
In December, security researchers noticed an uptick in brute-force attacks against publicly exposed Microsoft SQL servers. It turns out the attacks go as far back as May 2018 and infect on average a couple thousand database servers every day with remote access Trojans (RATs) and cryptominers.
Researchers from Guardicore Labs have dubbed the ongoing campaign Vollgar and traced it back to China. The scans and attacks originate from Chinese IP addresses — likely associated with infected and hijacked machines — and the command-and-control (C&C) servers are also hosted in China and use the Chinese language for their web-based management interfaces.