Hackers are using leaked NSA cyberweapons to mine cryptocurrency over vulnerable servers.
The weapons can be used to take over Windows and Linux systems, and download malware that can mine the digital currency Monero, according to security provider F5 Networks.
To spread the mining across a victim's network, the attacks leverage two NSA-developed exploits—EternalBlue and EternalSynergy—which were leaked online in April. Both exploits can make hijacking Windows systems easy, and they've already been used to propagate ransomware attacks across the world.
However, the NSA cyberweapons have also proved useful when it comes to cryptocurrency mining. By hijacking the machines, a hacker can exploit the computing power to more quickly mine Monero, which has been rising in value and become a favored currency among cybercriminals.
It isn't clear how many machines have been hit with this mining attack, or how much profit has been generated. However, F5 Networks did notice $8,500 in Monero being forwarded from the attack to one specific mining address.
Real Life. Real News. Real Voices
Help us tell more of the stories that matterBecome a founding member
- Coinhive Tries to Appease Critics With Opt-in Crypto Miner Coinhive Tries to Appease Critics With Opt-in Crypto Miner
The hackers have been targeting systems running Apache Struts, a web application framework that has history of containing critical security bugs. The attacks exploit two bugs in Apache Struts, one of which was used to breach credit agency Equifax earlier this year.
Both bugs, in addition to the NSA-developed exploits, have all been patched. But companies can be slow to update their systems with the newest software, making them vulnerable to the attack.
F5 Networks said the hackers have only been using the hijacked servers to mine Monero, which at worst could hog system resources and increase a victim's electric bill. But F5 Networks also warned: "attackers could use compromised systems to do whatever they want."
Subscribe to the newsletter news
We hate SPAM and promise to keep your email address safe