Surge in Crypto-Mining Attacks Exploiting Misconfigured PostgreSQL Servers

03.04.2025 (2 comments)

Increase in Crypto-Mining Attacks on PostgreSQL Servers

According to a report by IT-Boltwise, a surge in cyberattacks targeting PostgreSQL servers has been observed. The attacks go after misconfigured servers that are reachable from the public internet and use them to mine the cryptocurrency Monero. The attackers, tracked as the group JINX-0126, get in by guessing weak or easily guessable database credentials. Once they have a working login, they deploy the XMRig-C3 cryptominer, which consumes the server's CPU and leaves it unusable for legitimate workloads.
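Because the campaign starts with guessed passwords, the server's own authentication log is the first place to look for it: a burst of failed password logins from one client address followed by a successful login from the same address is the signature of a credential that was guessed rather than known. The script below is an added example written for this page, not code from the article, IT-Boltwise or Wiz. The log lines are constructed, and it assumes the server runs with log_connections = on and log_line_prefix = '%m [%p] %u@%d %h ' so that the attempted user, database and client address appear on every line; with a different prefix the regular expression has to be adjusted.

```python
import re
from collections import defaultdict

# Constructed sample PostgreSQL server log (not from the article or from Wiz).
# Assumes log_connections = on and log_line_prefix = '%m [%p] %u@%d %h '.
SAMPLE_LOG = """\
2025-04-03 10:15:01.001 UTC [2231] postgres@postgres 203.0.113.7 FATAL:  password authentication failed for user "postgres"
2025-04-03 10:15:01.210 UTC [2232] postgres@postgres 203.0.113.7 FATAL:  password authentication failed for user "postgres"
2025-04-03 10:15:01.412 UTC [2233] postgres@postgres 203.0.113.7 FATAL:  password authentication failed for user "postgres"
2025-04-03 10:15:01.620 UTC [2234] admin@postgres 203.0.113.7 FATAL:  password authentication failed for user "admin"
2025-04-03 10:15:01.830 UTC [2235] postgres@postgres 203.0.113.7 FATAL:  password authentication failed for user "postgres"
2025-04-03 10:15:02.050 UTC [2236] postgres@postgres 203.0.113.7 LOG:  connection authorized: user=postgres database=postgres
2025-04-03 10:20:44.000 UTC [2301] app@shop 10.0.0.12 LOG:  connection authorized: user=app database=shop
2025-04-03 10:21:03.000 UTC [2302] app@shop 10.0.0.12 FATAL:  password authentication failed for user "app"
"""

# Matches the assumed prefix: timestamp (3 tokens), [pid], user@db, client host, LEVEL: message
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+ \S+) \[(?P<pid>\d+)\] (?P<user>[^@\s]+)@(?P<db>\S+) (?P<host>\S+) "
    r"(?P<level>[A-Z]+):\s+(?P<msg>.*)$"
)
FAILED = "password authentication failed for user"   # PostgreSQL's failed-auth message
AUTHORIZED = "connection authorized:"                 # emitted by log_connections = on


def analyze(log_text, threshold=5):
    """Group authentication events by client address. Returns, for every host
    with at least `threshold` failed password logins, the failure count, the
    usernames tried, and whether a login from that host succeeded after the
    failures started (the pattern left by a guessed password)."""
    per_host = defaultdict(lambda: {"failures": 0, "users": set(), "login_after_failures": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # lines with another prefix or multi-line DETAIL output are skipped
        entry = per_host[m["host"]]
        if m["msg"].startswith(FAILED):
            entry["failures"] += 1
            entry["users"].add(m["user"])
        elif m["msg"].startswith(AUTHORIZED) and entry["failures"] > 0:
            entry["login_after_failures"] = True
    return {
        host: {"failures": e["failures"], "users": sorted(e["users"]),
               "login_after_failures": e["login_after_failures"]}
        for host, e in per_host.items() if e["failures"] >= threshold
    }


if __name__ == "__main__":
    for host, info in analyze(SAMPLE_LOG).items():
        verdict = "SUCCEEDED after failures" if info["login_after_failures"] else "no success seen"
        print(f"{host}: {info['failures']} failed logins as {info['users']}; {verdict}")
```

On the sample, 203.0.113.7 is reported with five failures across two usernames and a successful login afterwards, while the single failure from 10.0.0.12 stays below the threshold. A miner that runs without touching disk still cannot avoid this trail, so shipping the PostgreSQL log to a central collector and alerting on this pattern is cheap and worthwhile.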

The financial impact on affected companies is significant: the unauthorized mining drives up electricity and compute costs, while the mined Monero goes directly to wallets controlled by the attackers. Monero is particularly attractive to cybercriminals because its transactions are designed to be anonymous, which makes the proceeds hard to trace.

"The attacks are becoming more sophisticated, with hackers employing fileless techniques to evade detection," noted security researchers from Wiz.

It is estimated that over 1,500 servers have been compromised in this campaign. Alarmingly, nearly 90% of cloud environments host self-managed PostgreSQL instances, and roughly one-third of these are reachable from the internet. This highlights the urgent need for organizations to review and strengthen their server configurations to mitigate such risks.
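Reviewing the configuration means, concretely, reading pg_hba.conf, the file that decides which clients may connect, from where, and with which authentication method. The exposure behind this campaign comes from rules that accept logins from any address, and it is compounded by rules that waive the password (trust), send it in cleartext (password) or use md5 instead of scram-sha-256. The audit below is an added example written for this page, not code from the article, IT-Boltwise or Wiz. Both sample files are constructed: the first shows the weak settings side by side, the second a hardened equivalent that limits the application role to its own network and explicitly rejects everything else. The severity labels are the editor's choice.

```python
import ipaddress

# Constructed sample pg_hba.conf files (hypothetical; not from the article or Wiz).
WEAK_HBA = """\
# TYPE  DATABASE  USER      ADDRESS         METHOD
local   all       all                       peer
host    all       all       127.0.0.1/32    scram-sha-256
host    all       all       0.0.0.0/0       md5
host    all       postgres  0.0.0.0/0       trust
hostssl all       all       ::/0            password
"""

HARDENED_HBA = """\
local   all       all                       peer
host    all       all       127.0.0.1/32    scram-sha-256
hostssl shop      app       10.0.0.0/24     scram-sha-256
hostssl all       all       0.0.0.0/0       reject
"""

HOST_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}


def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def parse_hba(text):
    """Parse pg_hba.conf into rule dicts; comments and blank lines are skipped.
    'local' lines have no ADDRESS field. Host lines may give the netmask as a
    separate token ("192.0.2.0 255.255.255.0"), which is folded into one string."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        kind = fields[0]
        if kind == "local" and len(fields) >= 4:
            address, method = None, fields[3]
        elif kind in HOST_TYPES and len(fields) >= 5:
            if len(fields) >= 6 and _is_ip(fields[4]):
                address, method = f"{fields[3]}/{fields[4]}", fields[5]
            else:
                address, method = fields[3], fields[4]
        else:
            continue  # include directives and unknown types are out of scope here
        rules.append({"line": lineno, "type": kind, "database": fields[1],
                      "user": fields[2], "address": address, "method": method})
    return rules


def _covers_everything(address):
    """True for 'all', 0.0.0.0/0, ::/0 or an equivalent mask. Hostnames,
    samehost and samenet cannot be judged offline and are left alone."""
    if address == "all":
        return True
    try:
        return ipaddress.ip_network(address, strict=False).prefixlen == 0
    except ValueError:
        return False


def _finding(rule, severity, why):
    return {"line": rule["line"], "severity": severity, "why": why}


def audit(text):
    """Return findings for the exposure patterns behind credential-guessing
    campaigns: passwordless trust over the network, cleartext passwords,
    world-reachable rules that still accept logins, and md5 hashing."""
    findings = []
    for r in parse_hba(text):
        if r["type"] != "local" and r["method"] == "trust":
            findings.append(_finding(r, "critical", "trust: any client matching this line logs in without a password"))
        if r["method"] == "password":
            findings.append(_finding(r, "high", "password: credentials cross the network in cleartext"))
        if r["address"] and _covers_everything(r["address"]) and r["method"] != "reject":
            findings.append(_finding(r, "high", f"accepts {r['user']}@{r['database']} from any address; restrict the network or reject"))
        if r["method"] == "md5":
            findings.append(_finding(r, "medium", "md5: weaker than scram-sha-256, switch the method and re-hash passwords"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_HBA), ("hardened", HARDENED_HBA)):
        result = audit(cfg)
        print(f"== {name}: {len(result)} finding(s)")
        for f in result:
            print(f"  line {f['line']:>2} [{f['severity']}] {f['why']}")
```

The weak file yields six findings, including the critical one on the line that lets the postgres superuser in from anywhere without a password; the hardened file yields none. Two caveats the script does not cover: PostgreSQL evaluates pg_hba.conf top to bottom and stops at the first matching line, so a permissive rule placed above a restrictive one still wins, and a clean pg_hba.conf does not help if the cloud security group or firewall in front of port 5432 is open to 0.0.0.0/0, which the article's one-third figure suggests is common.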

Key Findings                                          Details
Targeted servers                                      PostgreSQL
Cryptocurrency mined                                  Monero
Compromised servers                                   Over 1,500
Cloud environments hosting self-managed PostgreSQL    Nearly 90%
Self-managed instances publicly accessible            About one-third (33%)

Summary: The rise in crypto-mining attacks on PostgreSQL servers underscores the importance of basic hygiene. Organizations must keep database ports off the public internet, enforce strong, unguessable credentials, and tighten access controls so that a single guessed password does not hand an attacker the whole server.

Your opinion on this article

Totally agree with others that cloud providers should step up, but shouldn't companies themselves know better than to leave servers publicly accessible in 2023?
Oh wow, such an interesting topic, huh? I think it's wild how companies these days STILL don't take security stuff seriously. I mean, 1,500 devices compromised?? That's like A LOT of servers just sitting there waiting to be hacked! Like, why does nobody think, hey, let's put a password that's not "123456" or something, lol?

Also, somebody earlier mentioned "cloud providers should step up", but like, isn't it also the PEOPLE using the cloud who are responsible, the ones setting them up? Yeah, providers need better tools, but it's not REALISTIC to expect them to babysit everyone, even if people leave their stuff open for anyone to grab. Also, I feel like isn't Monero always like the "bad guys'" coin?? Because no one can trace it. Why isn't this like more regulated or something so they can't keep using it?

Anyway, not sure why people keep treating Monero miners like they're "better" than other hackers just because they're not stealing bank account info, but isn't THIS also stealing?? You know, using somebody's CPU & their power bill?? ALSO, fileless attacks? What does that even mean, lol. Does it mean no files at all actually get created, like NO evidence?? Crazy technology these days, man!

Sorry this got long, but yeah, thanks for the info. Got me thinking A LOT.