Infostealer campaign against ISPs

Intel Name: Infostealer campaign against ISPs

Date of Scan: March 6, 2025

Impact: High

Summary:
This campaign targets ISP infrastructure providers on the West Coast of the United States and in China. Originating from Eastern Europe, the mass exploitation campaign uses basic tools to hijack victims’ computer processing power, deploying cryptomining payloads and multi-functional binaries. Key tactics include:

  • Credential abuse through brute-force attacks that exploit weak credentials
  • Data exfiltration via Command and Control (C2) servers
  • Deployment of additional crimeware
  • Self-termination to evade detection
  • Establishing persistence, disabling remote access, and launching pivot attacks on targeted CIDRs
