The group started with ransomware in 2020, and added the crypto-mining part two years later.

Brute force

For ransomware, Google further explains, the group mostly targets on-prem systems.

For cryptomining, it targets cloud infrastructure from Google Cloud, AWS, Microsoft Azure, Linode, and more.

Initial access is mostly done through brute-force attacks on remote desktop servers, or via stolen credentials.

For cryptomining, the group mostly uses unMiner.

Interestingly enough, there was no mention of XMRig, by far the most popular cryptojacker out there.