Some attacks are fairly trivial, but others are multi-vector, multi-platform threats that combine several capabilities in a single piece of malware (e.g., XBash, which combines cryptomining, ransomware and botnet/worm activity).
The way in
The attacks are automated: they probe exposed infrastructure and cloud services for known vulnerabilities and for weak or default login credentials.
Among the known exploits leveraged are those for:
- An unauthenticated command execution vulnerability in Apache Hadoop, reached through the YARN ResourceManager REST API
- Remote command execution against Redis instances exposed without authentication
- CVE-2016-3088, an arbitrary file upload flaw in the Apache ActiveMQ Fileserver web application that can be chained into code execution
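The exploitation paths above are noisy in HTTP access logs, which makes them a practical detection target for the defender. The script below is an added example, not code from the original page or from any vendor write-up: it parses Common Log Format lines and flags the request shapes the public exploits for the Hadoop YARN REST API (POST to the application-submission endpoints) and the ActiveMQ Fileserver (PUT followed by MOVE under /fileserver/) produce, plus the repeated 401 responses that automated credential guessing leaves behind. The rule names, the 401 threshold and the log lines are all constructed for the example; the Redis vector is not HTTP and is out of scope here.

```python
import re
from collections import defaultdict

# Common Log Format, e.g.
# 203.0.113.5 - - [10/Oct/2018:13:55:37 +0000] "POST /ws/v1/cluster/apps HTTP/1.1" 202 0
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Request shapes of the public exploit paths. The endpoint paths are the real ones
# (YARN app submission; ActiveMQ 5.x fileserver webapp); the rule names are ours.
# Note: the ActiveMQ chain also needs a Destination header on the MOVE, which a
# plain access log does not record, so PUT/MOVE against /fileserver/ is flagged as is.
RULES = [
    ("hadoop-yarn-app-submit", {"POST"},
     re.compile(r"^/ws/v1/cluster/apps(/new-application)?/?$")),
    ("activemq-fileserver-write", {"PUT", "MOVE"},
     re.compile(r"^/fileserver/")),
]

# Assumed threshold: this many 401s from one source IP counts as credential guessing.
AUTH_FAIL_THRESHOLD = 5


def parse_line(line):
    """Return the parsed fields of one CLF line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def scan_access_log(lines):
    """Return a list of (rule, source_ip, method_or_status, detail) findings."""
    findings = []
    auth_failures = defaultdict(int)
    for raw in lines:
        rec = parse_line(raw)
        if rec is None:
            continue  # unparseable line; a real pipeline would count these
        for name, methods, path_re in RULES:
            if rec["method"] in methods and path_re.match(rec["path"]):
                findings.append((name, rec["ip"], rec["method"], rec["path"]))
        if rec["status"] == "401":
            auth_failures[rec["ip"]] += 1
    for ip, n in auth_failures.items():
        if n >= AUTH_FAIL_THRESHOLD:
            findings.append(("credential-guessing", ip, "401", f"{n} failures"))
    return findings


# Constructed sample log: two exploit attempts, one credential-guessing burst,
# and one benign YARN status request that must not be flagged.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2018:13:55:36 +0000] "POST /ws/v1/cluster/apps/new-application HTTP/1.1" 200 68
203.0.113.5 - - [10/Oct/2018:13:55:37 +0000] "POST /ws/v1/cluster/apps HTTP/1.1" 202 0
198.51.100.9 - - [10/Oct/2018:14:01:02 +0000] "PUT /fileserver/shell.txt HTTP/1.1" 204 0
198.51.100.9 - - [10/Oct/2018:14:01:03 +0000] "MOVE /fileserver/shell.txt HTTP/1.1" 204 0
192.0.2.77 - - [10/Oct/2018:14:10:00 +0000] "GET /admin/ HTTP/1.1" 401 0
192.0.2.77 - - [10/Oct/2018:14:10:01 +0000] "GET /admin/ HTTP/1.1" 401 0
192.0.2.77 - - [10/Oct/2018:14:10:02 +0000] "GET /admin/ HTTP/1.1" 401 0
192.0.2.77 - - [10/Oct/2018:14:10:03 +0000] "GET /admin/ HTTP/1.1" 401 0
192.0.2.77 - - [10/Oct/2018:14:10:04 +0000] "GET /admin/ HTTP/1.1" 401 0
10.0.0.4 - - [10/Oct/2018:14:12:00 +0000] "GET /ws/v1/cluster/info HTTP/1.1" 200 512
""".splitlines()


if __name__ == "__main__":
    for finding in scan_access_log(SAMPLE_LOG):
        print(finding)
```

Run it against a real ResourceManager or ActiveMQ web-console access log to see which hosts are already being probed; a hit on the YARN rule from an address outside the cluster network is a strong signal that the REST API is reachable without authentication, which is the condition the exploit depends on.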