
Thousands of MS-SQL and PHPMyAdmin servers infected in Nansh0u campaign

05/29/2019

Experts from Guardicore Labs, a cybersecurity research company, published an extensive report on 29 May detailing a cryptojacking campaign, called Nansh0u, that attacked MS-SQL (Windows) and PHPMyAdmin servers.

Guardicore Labs, which initially detected the campaign in April, believes that the malware may have infected up to 50,000 servers. The attack relies on brute-forcing credentials on publicly accessible servers found through port scanning. It then downloads and runs a payload that installs malware on the compromised servers to mine the TurtleCoin cryptocurrency.

The company recommends that organizations protect their assets with strong credentials and network segmentation solutions.