China-based cyber attackers have breached more than 50,000 servers belonging to companies in the healthcare, telecommunications, media and IT sectors using sophisticated attack tools, security researchers warn.
The machines were compromised as part of a cyber attack campaign targeting Windows Microsoft SQL Server and PHPMyAdmin servers worldwide, according to the researchers at Guardicore Labs, who tracked the campaign for a month, in which the number of infected machines doubled.
The attackers used a port scanner that has been known since 2014 to detect MS-SQL servers by scanning IP addresses and checking whether typical MS-SQL ports were open.
