Guardicore Labs security researchers today published a full report on a theft campaign that attacks PHPMyAdmin and MSSQL servers around the globe.
The security researchers refer to the campaign as Nansh0u. The malicious activity is reported to be the work of a Chinese group of APT-style attackers that has infected about 50,000 servers and also installs a kernel rootkit on affected systems.
An attacker gains access by brute force after finding publicly accessible MS-SQL and PHPMyAdmin Windows servers with a single-port scanner.
Easyhack provides you with the Nansh0u Campaign IoCs published by Researcher Nansh0u.