In addition, the threat actor deploys cryptominers to profit from vulnerable systems, the cloud security intelligence and solutions provider added.
CRYSTALRAY uses existing vulnerability proofs of concept (PoCs) and OSS penetration testing tools to scan a list of targets for these vulnerabilities. Once a vulnerable target is discovered, the actor modifies existing PoCs for payment and drops them onto victim systems to gain initial access.
“CRYSTALRAY’s motives are to collect and sell information, invest in cryptominers, and maintain persistence in target areas,” Sysdig said. “Other OSS tools the threat actor is using include zmap, asn, httpx, nuclei, platypus, and SSH-Snake.”