GhostEngine mining attacks kill EDR security using vulnerable drivers

A malicious crypto-mining campaign tracked as “REF4578” uses a payload called GhostEngine, which leverages vulnerable drivers to disable security products and then launches an XMRig miner.

In separate publications, researchers from Elastic Security Labs and Antiy have highlighted the exceptionally sophisticated nature of these attacks and have shared detection rules to help defenders identify and stop these crypto-mining campaigns.

The origin and extent of the campaign remain unknown, however, as neither report links the activity to a known threat actor or provides information about targets or victims.

The attack begins with the execution of a program called “Tiworker.exe,” which poses as a genuine Windows file. How the servers are initially compromised is unknown.
