A mining Trojan has been found targeting MSSQL servers. It mainly attacks the MS SQL service by brute-forcing weak passwords. After a successful brute-force attack, a Monero mining Trojan is implanted on the server to mine. At the same time, the attacker downloads the frpc intranet penetration tool to install a backdoor, and adds users so that the intruder can log in to the server remotely.
Judging from the count on the mining Trojan's HFS server, tens of thousands of MSSQL servers have been implanted with the mining Trojan, and dozens of servers have had backdoors installed. The intranet penetration tools that the attacker installs on a compromised server further increase the risk of hacker intrusion, and the compromise of a corporate database server will lead to serious information leakage incidents.
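
A defender-side check for the pattern described above (a run of failed MSSQL logins followed by a successful login from the same client), as an added example that is not part of the original report. It assumes SQL Server login auditing records both failed and successful logins; the log lines, addresses, threshold and the function name `find_bruteforce` are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the SQL Server ERRORLOG login-audit format
# (assumption: auditing is set to record failed AND successful logins).
SAMPLE_LOG = """\
2024-05-01 03:10:01.10 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-05-01 03:10:02.10 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-05-01 03:10:03.10 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-05-01 03:10:04.10 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-05-01 03:10:05.10 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-05-01 03:10:06.10 Logon       Login succeeded for user 'sa'. Connection made using SQL Server authentication. [CLIENT: 203.0.113.7]
2024-05-01 09:00:00.10 Logon       Login failed for user 'report'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.20]
2024-05-01 09:00:09.10 Logon       Login succeeded for user 'report'. Connection made using SQL Server authentication. [CLIENT: 10.0.0.20]
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+\s+Logon\s+"
    r"Login (?P<result>failed|succeeded) for user '(?P<user>[^']*)'"
    r".*\[CLIENT: (?P<client>[^\]]+)\]"
)

def find_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Flag clients with >= threshold failed logins inside `window`, and
    record the login name if a success follows from the same client."""
    failures = defaultdict(list)   # client -> timestamps of recent failures
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue               # e.g. the "Error: 18456" line or other noise
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        client = m["client"]
        if m["result"] == "failed":
            # keep only failures still inside the sliding window
            recent = [t for t in failures[client] if ts - t <= window] + [ts]
            failures[client] = recent
            if len(recent) >= threshold:
                entry = findings.setdefault(client, {"failures": 0, "compromised_login": None})
                entry["failures"] = max(entry["failures"], len(recent))
        elif client in findings and findings[client]["compromised_login"] is None:
            # a success right after a flagged burst suggests a guessed password
            if ts - failures[client][-1] <= window:
                findings[client]["compromised_login"] = m["user"]
    return findings
```

A client with a non-empty `compromised_login` is the case to triage first: check that host for unexpected local accounts, an frpc process and mining activity.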