Cybercriminals target MS SQL servers to deliver ransomware

A cyberattack campaign is targeting exposed Microsoft SQL (MS SQL) databases, aiming to deliver ransomware and Cobalt Strike payloads. The attack campaign The attackers target exposed MS SQL servers by brute-forcing access credentials. After having successfully authenticated, they start enumerating the database. A (too often) enabled xp_cmdshell function also allows attackers to run shell commands on the host and launch several payloads. Attackers then: Create new users on the victim host Make registry changes to … More →

The post …

access attack attackers brute brute-force campaign cobalt cobalt strike credentials cyberattack cybercriminals database databases don't miss exposed function hot stuff microsoft microsoft sql ms sql server ransomware servers sql sql servers start strike target targeting xp_cmdshell