From asec.ahnlab.com
Types of cyberattack include not only Advanced Persistent Threat (APT) attacks targeting a few specific companies or organizations but also scan attacks targeting multiple random servers connected to the Internet. This means that the infrastructures of threat actors can become the targets of cyberattack alongside companies, organizations, and personal users.
AhnLab SEcurity intelligence Center (ASEC) has confirmed a case in which a CoinMiner attacker’s proxy server became a target of a ransomware threat actor’s Remote Desktop Protocol (RDP) scan attack. The CoinMiner threat actor used a proxy server to access an infected botnet, and the port they opened to connect with the proxy server was exposed to another threat actor’s RDP scan attack. As a result, the RDP scan attack was launched against the CoinMiner’s botnet, infecting it with ransomware.