Cybercrime, Lucifer campaign is evolving and will continue

Check Point: The Lucifer campaign is evolving. The Windows cryptominer and DDoS hybrid malware is now multi-platform and multi-architecture, targeting Linux and IoT devices

The Lucifer campaign is evolving. It has been discovered by Check Point cyber security experts. It’s a Windows cryptominer and DDoS hybrid malware. Three months ago, researchers published a report detailing its unique activities. More recently, they found evidence that the attackers behind this campaign started their operations in 2018. What started as a miner with self-spreading capabilities that targeted the Windows system has now evolved into a multi-platform and multi-architecture malware targeting Linux and IoT devices as well. Data collected shows recent cybercrime hits on over 25 organizations in the US, Ireland, the Netherlands, Turkey and India. Attacks have come from a variety of domains including manufacturing, legal, insurance and also the banking industry. The current main attack vector for IoT devices is through exploitation of the vulnerability known as CVE-2018-10561, which targets unpatched Dasan GPON router devices.

The cyber security experts: The cybercrime malware has several capabilities, and the campaign will continue

According to the cyber security experts, Lucifer has several capabilities: multiple types of DDoS attacks, full command-and-control operations able to download and execute files, remote command execution, Monero mining using the Xmrig miner, and self-spreading in Windows systems through various exploitation techniques. Check Point believes this cybercrime campaign continues to grow and evolve over time, as it upgrades its abilities and increases its monetization strategies. It originates from servers that were compromised by the attacker. Infected Windows machines then continue to spread the malware both inside the network and to remote targets.