GhostEngine mining attacks kill EDR security using vulnerable drivers

Researchers have determined that a malicious crypto-mining campaign tracked as "REF4578" uses a payload called GhostEngine, which abuses vulnerable drivers to disable security products and then launches an XMRig miner. In separate publications, researchers from Elastic Security Labs and Antiy have highlighted the exceptionally sophisticated nature of these attacks and shared detection rules to help defenders identify and stop them. The origin and extent of the campaign remain unknown, however, as neither report links the activity to a known threat actor or provides information about targets or victims. The attack begins with the execution of a program called "Tiworker.exe," which poses as a genuine Wind...