Chinese Hackers Dropped Rootkit in 50,000 Servers: Then Left Theirs Wide Open

Security researchers at Tel Aviv-based security specialist Guardicore say they have identified a malicious campaign by a Chinese hacker that infected over 50,000 Windows MS-SQL and PHPMyAdmin servers around the world with malware. The campaign was characterised by a strange combination of sophistication and dozy incompetence. Companies in the healthcare, telecoms, media and IT sectors were all breached, the company says, and a significant number of the targeted servers were infected with malicious payloads that installed a kernel-mode rootkit to prevent the malware (typically a crypto miner) from being terminated.

Read full article on CBR – CyberSecurity News

 

