
Attacker Abuses Victim Resources to Reap Rewards from Titan Network

Nov. 4, 2024, 12:02 p.m.

Description

An attacker exploited the Atlassian Confluence vulnerability CVE-2023-22527 to achieve remote code execution for cryptomining via the Titan Network. The malicious actor gathered system details using public IP lookup services and various commands. Multiple shell scripts were downloaded and executed to install Titan binaries and connect compromised machines to the Titan Network, specifically the Cassini Testnet. This allowed the attacker to participate in the delegated proof-of-stake system and earn reward tokens. The attack also involved installing an aleo-pool client for additional cryptomining activities. Furthermore, attempts at lateral movement through SSH in the AWS cloud were observed, including the deployment of SSH public keys and modification of SSH configurations.

Date

Published: Nov. 4, 2024, 12:01 p.m.

Created: Nov. 4, 2024, 12:01 p.m.

Modified: Nov. 4, 2024, 12:02 p.m.

Indicators

aleo.zkrush.com

Attack Patterns

T1098.004

T1574.006

T1059.004

T1071.001

T1082

T1057

T1105

T1083

T1190

CVE-2023-22527