From bleepingcomputer.com
A threat actor known as ‘Blue Mockingbird’ targets Telerik UI vulnerabilities to compromise servers, install Cobalt Strike beacons, and mine Monero by hijacking system resources.
The flaw leveraged by the attacker is CVE-2019-18935, a critical severity (CVSS v3.1: 9.8) deserialization that leads to remote code execution in the Telerik UI library for ASP.NET AJAX.