[...]The vulnerability (CVE-2017-7494) was dubbed SambaCry because of passing similarities to the SMB vulnerability exploited by WannaCry. It was detected June 2017 when the cryptocurrency miner EternalMiner/CPUMiner used it to compromise Linux machines and mine Monero. The previous sample we obtained revealed that SambaCry was only used to target servers, and the payload was simply the cryptocurrency mining malware. Now, recent data shows that attackers are leveraging SambaCry for other purposes.[...]
it amazes me how it took 7 years for security experts to find this vulnerability and wonder how many exploits were actually carried out from day one....
but whats interesting is their targeting NAS iot... hm...
This more recent malware is detected as ELF_SHELLBIND.A and was found on July 3. Similar to the previous reports of SambaCry being used in the wild, it also opens a command shell on the target system. But ELF_SHELLBIND.A has marked differences that separate it from the earlier malware leveraging SambaCry. For one, it targets internet of things (IoT) devices—particularly the Network Attached Storage (NAS) devices favored by small to medium businesses. ELF_SHELLBIND also targets different architectures, such as MIPS, ARM, and PowerPC. This is the first time we’ve seen SambaCry being exploited without the cryptocurrency miner as a payload.
NAS [Main Server]QNAP TS-877 (QTS) w. 4tb [ 3x HGST Deskstar NAS & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE [Backup] QNAP TS-653A (Truenas Core) w. 4x 2TB Samsung F3 (HD203WI) RaidZ1 ZFS + 8gb ddr3 Crucial [^] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) 2x 4TB Seagate Ironwolf, Raid5 [^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5 [^] QNAP TS-253D (Truenas Scale) [Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1
On Wednesday, 22-year-old Marcus Hutchins -- also known as MalwareTech -- was arrested in Las Vegas for "his role in creating and distributing the Kronos banking Trojan," according to a spokesperson from the U.S. Department of Justice.The charges relate to alleged conduct occurring between July 2014 and July 2015. According to an indictment provided to CNN Tech, Hutchins created the malware and shared it online. Earlier this year, Hutchins became an internet hero when he helped stop WannaCry, a cyberattack that targeted over 150 countries.
