Attacker Abuses Victim Resources to Reap Rewards from Titan Network
Nov. 4, 2024, 12:02 p.m.
Description
An attacker exploited the Atlassian Confluence vulnerability CVE-2023-22527 to achieve remote code execution for cryptomining via the Titan Network. The malicious actor gathered system details using public IP lookup services and various commands. Multiple shell scripts were downloaded and executed to install Titan binaries and connect compromised machines to the Titan Network, specifically the Cassini Testnet. This allowed the attacker to participate in the delegated proof of stake system for reward tokens. The attack also involved installing an aleo-pool client for additional cryptomining activities. Furthermore, attempts at lateral movement through SSH in the AWS cloud were observed, including the deployment of SSH public keys and modification of SSH configurations.
Date
Published: Nov. 4, 2024, 12:01 p.m.
Created: Nov. 4, 2024, 12:01 p.m.
Modified: Nov. 4, 2024, 12:02 p.m.
Attack Patterns
T1098.004
T1574.006
T1059.004
T1071.001
T1082
T1057
T1105
T1083
T1190
CVE-2023-22527