Skip to main content

New malware group launches attacks on thousands of enterprise devices

(Image credit: Photo Credit:

A new hacking group that seeks to leverage enterprise devices for cryptocurrency mining has been identified by cybersecurity researchers at Red Canary.

Dubbed Blue Mockingbird, the group targets enterprise networks and devices vulnerable to CVE-2019-18935 and looks to install a web shell that provides full access to the system.

Once inside, the syndicate installs XMRRig, a popular cryptocurrency miner that mines Monero (XMR) - a popular choice among cybercriminals because considered fully anonymous and untraceable.

Some ransomware operators that have traditionally asked for ransom fees to be paid in Bitcoin (BTC) have also now switched to Monero.

Speaking to ZDNet earlier this month, the researchers said that they had not determined the full scope of the group's operations, but believe it has infected at least 1,000 enterprise systems to date.

"Like any security company, we have limited visibility into the threat landscape and no way of accurately knowing the full scope of this threat," said a Red Canary spokesperson.

"This threat, in particular, has affected a very small percentage of the organizations whose endpoints we monitor. However, we observed roughly 1,000 infections within those organizations, and over a short amount of time."

To mitigate against the threat, Red Canary advises businesses to focus on patching web servers, web applications, and dependencies of the applications.

“Most of the techniques used by Blue Mockingbird will bypass whitelisting technologies, so the best route will be to inhibit initial access,” said the firm.