SQL Brute Force Leads to BlueSky Ransomware

In December 2022, we observed an intrusion on a public-facing MSSQL Server, which resulted in BlueSky ransomware. First discovered in June 2022, BlueSky ransomware has code links to Conti and Babuk ransomware.

While other reports point to malware downloads as initial access, in this report the threat actors gained access via a MSSQL brute force attack. They then leveraged Cobalt Strike and Tor2Mine to perform post-exploitation activities. Within one hour of the threat actors accessing the network, they deployed BlueSky ransomware network wide.

Image

Image alternative text

Federation

Status:

On | Off

Instances:

/m/sysadmin

Threads (21)

Microblog (323)

All Content

People

Magazines

Collections

Thread

btp

@btp@kbin.social

Added: 5 months ago
Online: -
Ratio: 0

Magazine

Sysadmin

@sysadmin@kbin.social

A community dedicated to the profession of IT Systems Administration.

Created: 11 months ago
Owner: btp
Subscribers: 1486
Online: -

Moderators

Active people

How to enable #Debian #Linux 12 Backports repository https://www.cyberciti.biz/faq/install-enable-debian-linux-12-backports-repository/ Learn how to enable, install, and search for packages from the Debian Linux 12 "bookworm" Backports repository in this quick tutorial. #sysadmin #opensource

12 days ago to debian

RAID5 is not a backup....

16 days ago to random

We're celebrating 2 years of #OSJH! Browse jobs from open source organizations and find your next place in the open source ecosystem https://opensourcejobhub.com/ #jobs #career #OpenSource #WFH #FOSS #tech #RemoteWork #engineer #DevOps #sysadmin #sales #marketing #hiring

18 days ago to opensource

Putting today's events on the scale, it seems balanced:...

9 days ago to IT

Related threads

University of Michigan employee, student data stolen in cyberattack

6 months ago to sysadmin

openSUSE Wishes You a Happy SysAdmin Day

9 months ago to openSUSE

Black Lotus boot wim patch issues for MCM/MECM/SCCM

11 months ago to sysadmin

Add comment