Threat actors are using unsecured Microsoft SQL servers to distribute Cobalt Strike and the FreeWorld ransomware strain.
The campaign, which the cybersecurity company Securonix has named DB#JAMMER, is notable for the way its infrastructure and toolkit are used.
Security researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov provided a technical explanation of the activity. “Some of these tools include enumeration software, RAT payloads, exploitation and credential stealing software, and finally ransomware payloads,” they wrote. The preferred ransomware payload appears to be a more recent version of the Mimic malware, named FreeWorld.