"PostgreSQL Databases Under Attack"
Cryptojacking attackers are targeting poorly protected PostgreSQL databases running on Linux machines. Aqua Security researchers observed the attack on a honeypot system, which began with the threat actors brute-forcing access credentials. Once access is gained, the threat actor creates a new user role with login capability and high privileges, strips the user role they compromised of superuser privileges, and more. The first payload, "PG_Core," mainly removes cron jobs for the current user and terminates processes associated with other cryptomining malware. This article continues to discuss the targeting of PostgreSQL databases by cryptojacking attackers.
Help Net Security reports "PostgreSQL Databases Under Attack"
Submitted by grigby1
Submitted by Gregory Rigby
on