Hackers Cripple Thousands of Servers with Cutting-Edge Crypto Miners

An Israeli-based cybersecurity company announced the discovery of a full-fledged crypto mining crusade that crippled at least 50,000 servers around the world.

In a blog post dated May the 29th, Guardicore stated that the attack wave, dubbed the Nansh0u Campaign, uses cutting-edge algorithms in infect servers and computers. No one has been able to stem the advance of this malware, as the hackers use state-grade cybernetic weapons.

What is the Nansh0u campaign?

According to Guardicore Labs, the cybersecurity company who flagged down the event declared that 50,000 servers have already been compromised with thousands more to follow.

The viral payload has been delivered by no less than 20 distinct malware. Moreover, in the Nansh0u campaign case report, Guardicore noted that a new attack vector is being created and deployed ever other weak, which makes it challenging if not impossible to counter this threat.

An in-depth analysis of Nansh0u revealed that the malware could not be removed from the infect computer or server. Guardicore explained that once the viral package reaches its destination, it automatically installs a rootkit.

In commenting on the incident, the cybersecurity company said that this is the most aggressive and advanced cyber attack it has witnessed.

More than that, upon analyzing the viral payloads, the cybersecurity researchers discovered that the malware packages are not common; in fact, they appear to resemble those used by superpowers in order to attack other countries.

The mystery seems to deepen, as the scripting is in Chinese, although the IP addresses used to disseminate the packages point to a place in South Africa.

Is China behind these fiendish attacks? We can’t know for sure. It’s a working theory. Guardicore stated that the algorithms and vectors might have been stolen from a Governmental cybersecurity research facility and set loose on the Internet.

As for the attack itself, the cybersecurity company stated that it was what one might call a frontal, brute-force assault. Although it’s somewhat inconceivable that such an attack can literally knock out every bit of security layer out, the Nansh0u campaign proves that this is still possible.

Furthermore, it highlights that company owners and hosting platforms don’t take enough precaution when it comes to unauthorized access.

Guardicore said that the spread of this crypto miner was possible because the hosting platforms had lax password protection. In other words, one of the most advanced cyberweapons is now circulating only because someone ‘forgot’ to that password should contain more than 8 characters.


So, where does that leave us? Basically, we have 50,000 servers out there that have been exposed to a cutting-edge crypto miner. You can’t shake it loose, and you can’t get rid of it. What should be done in this case?

The answer to this question seems to be coming from the very researchers who discovered the attack in the first place – simple things: change your password regularly, avoid opening suspicious links, and download only legitimate applications from e-stores such as Google Play or Apple.

What do you think about the recent crypto mining attack? Head to the comments section and let us know.

About Daniel Sadler

Old-school PC gamer, poetry buff, cat lover, tech wiz. His writing career began almost two decades ago when he modestly acknowledged that hindsight or, lack thereof, can compromise security. He enjoys spending quality time with his friends and family. Most of his friends refer to Daniel as a "man of a few words, but, man, what words!" His interests include cybersecurity, IT, blogging, and, of course, everything related to technology.

Leave a Reply

Your email address will not be published. Required fields are marked *