Cybercriminals from the APT-27 group are targeting high-profile enterprise networks by exploiting MySQL servers with malware such as NewCoreRAT (Remote Access Trojan), which is linked to a Chinese APT campaign.
Most enterprise networks rely on a cloud platform to store their sensitive data; at the same time, attackers are equally using cloud services to run their bots and C&C on cloud servers.
Even though enterprises patch all the OS-related vulnerabilities, they fail to secure the server machine running MySQL, which is open to the public Internet.
Based on Shodan search results, nearly 4.9 million MySQL servers are configured to run on a public IP. The MySQL service runs with system privilege, so an attacker who gets into the network through MySQL can gain complete access to the infected machine without exploiting any vulnerability.
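A defender can check a server for the two conditions described above, public exposure and a privileged service account, by auditing its MySQL option file. The following is an added example, not code from the article: the sample configuration is constructed, the function names are hypothetical, and it assumes a Linux-style `my.cnf` where running with system privilege shows up as `user = root`.

```python
import ipaddress

# Constructed sample config (not from the article): the daemon runs as root
# and listens on every interface.
SAMPLE_CNF = """\
[client]
port = 3306
[mysqld]
user = root
bind-address = 0.0.0.0
"""

def parse_mysqld(text):
    """Return the [mysqld] options; '_' and '-' in names are treated alike."""
    opts, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;!":      # comments and !include lines
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "mysqld":
            key, _, value = line.partition("=")
            opts[key.strip().lower().replace("_", "-")] = value.strip().strip("'\"")
    return opts

def audit(text):
    """Return findings for public exposure and a root-run daemon."""
    opts, findings = parse_mysqld(text), []
    skip = opts.get("skip-networking")
    networking_off = skip is not None and skip.lower() not in ("0", "off", "false")
    if not networking_off:
        # Assumption: with no bind-address set, the server listens on all interfaces.
        for addr in (a.strip() for a in opts.get("bind-address", "*").split(",")):
            if addr in ("*", "0.0.0.0", "::"):
                findings.append(f"bind-address {addr}: listens on every interface")
                continue
            try:
                if ipaddress.ip_address(addr).is_global:
                    findings.append(f"bind-address {addr}: public IP address")
            except ValueError:
                findings.append(f"bind-address {addr}: hostname, resolve and review")
    if opts.get("user", "").lower() == "root":
        findings.append("user root: daemon runs with system privilege")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CNF)))
```

An empty result means the file binds MySQL to non-public addresses and does not run it as root; it does not cover firewall rules or the Windows service account, which are configured outside the option file.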