The Kinsing Hacker Group, also known as H2Miner, has been actively evolving and adopting new vulnerabilities to expand its crypto-mining botnet since 2019. The group has targeted both Linux and Windows systems by exploiting vulnerabilities in web applications and misconfigurations such as Docker API and Kubernetes. By incorporating new exploits for Apache ActiveMQ, Apache Log4j, and Apache NiFi, among others, the group enrolls infected systems into its botnet for crypto-mining.

Kinsing Hacker Group exploits flaws to expand botnet for cryptojacking

The threat actor's campaigns mainly focus on open-source applications, deploying Type I and Type II scripts after initial access and using binaries such as the Kinsing malware and crypto-miners to mine Monero. The attack infrastructure comprises initial servers for scanning, download servers for staging payloads, and command-and-control servers. To thwart threats like Kinsing, proactive measures such as hardening workloads pre-deployment are crucial, as these botnet malware families continue to expand their reach and enlist machines for malicious activities.
https://thehackernews.com/2024/05/kinsing-hacker-group-exploits-more.html
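
One pre-deployment hardening check for the Docker API misconfiguration mentioned above, as an added example that is not from the original article: it flags dockerd TCP listeners that do not require client certificates. The function names and the sample daemon.json contents are constructed for illustration.

```python
import json
from urllib.parse import urlparse

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def tcp_listeners(config, args):
    """Collect tcp:// listeners from daemon.json "hosts" and dockerd -H/--host flags."""
    hosts = list(config.get("hosts", []))
    for i, arg in enumerate(args):
        if arg in ("-H", "--host") and i + 1 < len(args):
            hosts.append(args[i + 1])
        elif arg.startswith("--host="):
            hosts.append(arg.split("=", 1)[1])
    return [h for h in hosts if h.startswith("tcp://")]

def client_certs_required(config, args):
    """True only when tlsverify is on; plain "tls" encrypts but does not authenticate clients."""
    return config.get("tlsverify") is True or any(
        a in ("--tlsverify", "--tlsverify=true") for a in args)

def audit(config_text, args=()):
    """Return (severity, listener) for every TCP listener reachable without a client cert."""
    config = json.loads(config_text) if config_text.strip() else {}
    if client_certs_required(config, args):
        return []
    findings = []
    for listener in tcp_listeners(config, args):
        # A missing or unparseable host is rated HIGH, conservatively.
        host = urlparse(listener).hostname
        findings.append(("MEDIUM" if host in LOOPBACK else "HIGH", listener))
    return findings

# Constructed samples (not taken from any real host).
WEAK = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
HARDENED = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text) or "no unauthenticated TCP listener")
```

Run it against the daemon.json and dockerd arguments baked into an image or host template before rollout; any finding means the API accepts requests without a client certificate.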