RE#TURGENCE: Turkish Hackers' New Target - MSSQL Servers

https://platform.socradar.com/app/threat/malware/win.mimic
The RE#TURGENCE campaign, run by Turkish hackers, uses Mimic ransomware to target weakly secured Microsoft SQL servers in the US, EU and Latin America. The campaign, uncovered by Securonix, exploits these weaknesses for financial gain, either by selling access to compromised hosts or by installing ransomware on them.

Indicators of Compromise

No domains found for this campaign

Campaign Guidance

Remediation, mitigation, notes, history and related intelligence

REMEDIATIONS

To remediate and protect against campaigns like RE#TURGENCE that target MSSQL servers, several steps can be taken. These measures aim to enhance security, particularly against brute-force attacks and ransomware deployment:

  • Strong Password Policies: Implement strong password policies to prevent brute-force attacks. Passwords should be complex, unique, and regularly changed.

  • Network Security: Restrict MSSQL servers from being directly accessible from the internet. Use firewalls to control the traffic to the server and ensure that only authorized users can access it.

  • Regular Updates: Keep the SQL server and all related software up to date. Regularly apply patches and updates to mitigate known vulnerabilities.

  • Lock Out After a Number of Failed Attempts: One of the suggested preventions for brute-force attacks is applying a lockout mechanism after a certain number of failed login attempts.

  • Regular Backups: Regularly back up databases and store them securely. This ensures data availability in case of a ransomware attack.

  • Monitoring and Logging: Monitor server logs for unusual activities, such as repeated failed login attempts, which could indicate a brute-force attack.

  • Security Awareness Training: Educate staff about common cyber threats and security best practices to prevent successful phishing and social engineering attacks.

  • Intrusion Detection Systems (IDS): Implement IDS to detect and alert on suspicious activities on the network.

  • Limit User Privileges: Apply the principle of least privilege, ensuring users have only the access rights they need to perform their job.

  • Incident Response Plan: Have a robust incident response plan in place to quickly respond to and mitigate the effects of a security breach.

  • Disable Unused Features/Services: Turn off SQL server features or services that are not required to reduce the attack surface.

  • Endpoint Protection: Use antivirus and anti-malware solutions to protect against malware infections.

  • Secure Remote Access: If remote access to the SQL server is necessary, use secure methods like VPNs with strong encryption.

  • Penetration Testing: Regularly conduct penetration testing to identify and fix security vulnerabilities.

By implementing these practices, organizations can significantly reduce the risk of being compromised in similar campaigns targeting MSSQL servers.
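The "Monitoring and Logging" and "Lock Out After a Number of Failed Attempts" items above both come down to the same signal: a burst of failed logins from one client. The script below is an added example (not SOCRadar's or Securonix's code) that parses SQL Server ERRORLOG logon lines, counts failures per client IP in a sliding window, and raises a higher-priority alert if a client that was flagged later logs in successfully. The line format follows what SQL Server writes for error 18456 ("Login failed for user ..."), but every host, user, timestamp and the threshold/window values are constructed assumptions, not values from the page.

```python
"""Brute-force detection over SQL Server ERRORLOG logon lines (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample ERRORLOG excerpt. The message text mirrors SQL Server's
# error 18456 / logon-audit format; IPs, users and times are invented.
SAMPLE_LOG = """\
2024-01-10 08:00:01.12 Logon       Error: 18456, Severity: 14, State: 8.
2024-01-10 08:00:01.12 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-01-10 08:00:02.40 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-01-10 08:00:03.01 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-01-10 08:00:03.55 Logon       Login failed for user 'admin'. Reason: Could not find a login matching the name provided. [CLIENT: 203.0.113.7]
2024-01-10 08:00:04.20 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-01-10 08:01:00.00 Logon       Login failed for user 'app_user'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.5]
2024-01-10 08:15:00.00 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-01-10 08:20:00.00 Logon       Login succeeded for user 'sa'. Connection made using SQL Server authentication. [CLIENT: 203.0.113.7]
"""

# Matches both failed and (when login auditing is enabled) successful logons.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+Logon\s+"
    r"Login (?P<result>failed|succeeded) for user '(?P<user>[^']*)'.*?"
    r"\[CLIENT: (?P<client>[^\]]+)\]"
)


def parse_logon_events(text):
    """Turn ERRORLOG text into a list of logon event dicts; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # e.g. the separate "Error: 18456, Severity: 14" line
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "result": m["result"],
            "user": m["user"],
            "client": m["client"],
        })
    return events


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=1)):
    """Alert once per client whose failures within `window` reach `threshold`
    (assumed values), and again if that client later logs in successfully."""
    recent = defaultdict(deque)  # client -> timestamps of failures still inside the window
    flagged = {}                 # client -> time the brute-force alert fired
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        client, ts = ev["client"], ev["ts"]
        if ev["result"] == "failed":
            q = recent[client]
            q.append(ts)
            while q and ts - q[0] > window:  # drop failures that aged out of the window
                q.popleft()
            if len(q) >= threshold and client not in flagged:
                flagged[client] = ts
                alerts.append({"type": "bruteforce", "client": client,
                               "failures": len(q), "at": ts})
        elif ev["result"] == "succeeded" and client in flagged:
            # A success from a client already flagged is the case to triage first.
            alerts.append({"type": "success_after_bruteforce", "client": client,
                           "user": ev["user"], "at": ts})
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(parse_logon_events(SAMPLE_LOG)):
        print(alert)
```

Run against a real ERRORLOG by reading the file into `parse_logon_events`; the threshold and window are the two knobs to align with the lockout policy you actually enforce, so that the alert fires before (or at) the point where the account would lock. Only the first burst per client is alerted on, which keeps a sustained attack from flooding the queue; the success-after-burst alert is what distinguishes a noisy scanner from a compromised host.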


SOCRadar’s Recommendations for Organizations:

- Perform regular data backups.

- Implement strong password policies and multi-factor authentication systems.

- Keep your software continuously updated.


Observed Countries (250)

AD (783)
AE (543)
AF (849)
AG (238)
AI (449)
AL (671)
AM (137)
AO (229)
AQ (412)
AR (386)
AS (389)
AT (220)
AU (183)
AW (18)
AX (151)
AZ (122)
BA (728)
BB (991)
BD (282)
BE (746)
BF (196)
BG (113)
BH (550)
BI (113)
BJ (625)
BL (717)
BM (919)
BN (833)
BO (368)
BQ (339)
BR (598)
BS (241)
BT (275)
BV (454)
BW (237)
BY (792)
BZ (716)
CA (109)
CC (649)
CD (259)
CF (158)
CG (374)
CH (831)
CI (144)
CK (922)
CL (577)
CM (381)
CN (86)
CO (707)
CR (850)
CU (485)
CV (87)
CW (805)
CX (548)
CY (803)
CZ (303)
DE (158)
DJ (861)
DK (991)
DM (756)
DO (1)
DZ (724)
EC (947)
EE (375)
EG (43)
EH (650)
ER (214)
ES (890)
ET (713)
FI (113)
FJ (116)
FK (78)
FM (456)
FO (619)
FR (264)
GA (663)
GB (279)
GD (933)
GE (511)
GF (392)
GG (887)
GH (496)
GI (788)
GL (311)
GM (697)
GN (121)
GP (857)
GQ (618)
GR (212)
GS (794)
GT (210)
GU (510)
GW (958)
GY (946)
HK (391)
HM (720)
HN (419)
HR (873)
HT (413)
HU (588)
ID (192)
IE (761)
IL (935)
IM (935)
IN (514)
IO (864)
IQ (152)
IR (990)
IS (12)
IT (262)
JE (33)
JM (935)
JO (870)
JP (337)
KE (424)
KG (767)
KH (956)
KI (726)
KM (530)
KN (448)
KP (830)
KR (289)
KW (178)
KY (553)
KZ (636)
LA (902)
LB (218)
LC (841)
LI (167)
LK (656)
LR (131)
LS (478)
LT (848)
LU (609)
LV (19)
LY (893)
MA (504)
MC (265)
MD (932)
ME (503)
MF (230)
MG (192)
MH (922)
MK (55)
ML (844)
MM (206)
MN (646)
MO (523)
MP (502)
MQ (729)
MR (731)
MS (742)
MT (16)
MU (354)
MV (215)
MW (627)
MX (487)
MY (312)
MZ (551)
NA (393)
NC (269)
NE (599)
NF (344)
NG (634)
NI (571)
NL (262)
NO (570)
NP (461)
NR (318)
NU (546)
NZ (480)
OM (107)
PA (947)
PE (366)
PF (235)
PG (762)
PH (628)
PK (224)
PL (90)
PM (30)
PN (132)
PR (813)
PS (528)
PT (901)
PW (7)
PY (957)
QA (942)
RE (575)
RO (162)
RS (948)
RU (427)
RW (2)
SA (635)
SB (51)
SC (481)
SD (545)
SE (574)
SG (26)
SH (835)
SI (349)
SJ (587)
SK (869)
SL (922)
SM (230)
SN (8)
SO (648)
SR (134)
SS (256)
ST (945)
SV (614)
SX (515)
SY (138)
SZ (445)
TC (580)
TD (571)
TF (414)
TG (727)
TH (258)
TJ (698)
TK (327)
TL (540)
TM (34)
TN (28)
TO (140)
TR (968)
TT (428)
TV (554)
TW (802)
TZ (977)
UA (916)
UG (194)
UM (749)
US (721)
UY (583)
UZ (247)
VA (535)
VC (974)
VE (110)
VG (73)
VI (79)
VN (166)
VU (787)
WF (14)
WS (952)
XK (697)
YE (258)
YT (766)
ZA (320)
ZM (892)
ZW (217)