Statistics Report on Malware Targeting Windows Database Servers in Q1 2026
Description. analysis of ASEC’s ASD logs for Q1 2026 showed a consistent trend of attacks against MS-SQL and MySQL. the number of attacks tended to decrease temporarily in February before increasing again in March. Purpose and Scope. this report summarizes the statistics of attacks targeting MS-SQL and MySQL servers installed
Q1 2026 Malware Statistics Report for Linux SSH Servers
Overview. ASEC analyzed the statistics of attacks against Linux SSH servers in Q1 2026 based on honeypot logs. The P2PInfect worm dominated, accounting for 70.3% of all attack sources, and DDoS bots such as Mirai, XMRig, Prometei, and CoinMiner were identified as the main threats. Purpose and Scope. the purpose
Statistics Report on Malware Targeting Windows Database Servers in Q4 2025
AhnLab SEcurity intelligence Center (ASEC) utilizes the AhnLab Smart Defense (ASD) infrastructure to respond to and categorize attacks targeting MS-SQL and MySQL servers installed on Windows operating systems. This post covers the damage status of MS-SQL and MySQL servers that have become attack targets and statistics on attacks against these
Statistics Report on Malware Targeting Windows Database Servers in Q3 2025
AhnLab SEcurity intelligence Center (ASEC) utilizes the AhnLab Smart Defense (ASD) to categorize and respond to attacks targeting Windows-based MS-SQL and MySQL servers. This report will cover the current state of damage to MS-SQL and MySQL servers that became attack targets based on the logs discovered in the third quarter
XiebroC2 Identified in MS-SQL Server Attack Cases
AhnLab SEcurity intelligence Center (ASEC) monitors attacks targeting poorly managed MS-SQL servers and recently confirmed a case involving the use of XiebroC2. XiebroC2 is a C2 framework with open-source code that supports various features such as information collection, remote control, and defense evasion, similar to CobaltStrike. [1] Figure 1. XiebroC2’s
Attacks Targeting Linux SSH Servers to Install SVF DDoS Bot
AhnLab SEcurity intelligence Center (ASEC) is monitoring attacks targeting poorly managed Linux servers by utilizing multiple honeypots. One of the most common honeypots is the SSH service using weak credentials, and a large number of DDoS and CoinMiner threat actors are attacking this service. ASEC has recently identified a case
Analysis of Attacks Targeting Linux SSH Servers for Proxy Installation
AhnLab SEcurity intelligence Center (ASEC) monitors attacks targeting Linux servers that are inappropriately managed using honeypots. One of the representative honeypots is the SSH service that uses weak credentials, which is targeted by a large number of DDoS and coinminer attackers. ASEC has identified cases where Linux servers were attacked
Case of Attacks Targeting MS-SQL Servers to Install Ammyy Admin
AhnLab SEcurity intelligence Center (ASEC) recently identified cases of attacks installing Ammyy Admin on poorly managed MS-SQL servers. Ammyy Admin is a remote control tool used to control systems remotely along with AnyDesk, ToDesk, TeamViewer, etc. When these tools are used properly, they enable companies and individuals to manage and
cShell DDoS Bot Attack Case Targeting Linux SSH Server (screen and hping3)
AhnLab SEcurity intelligence Center (ASEC) monitors attacks against poorly managed Linux servers using multiple honeypots. Among the prominent honeypots are SSH services using weak credential information, which are targeted by numerous DDoS and CoinMiner threat actors. ASEC recently identified a new DDoS malware strain targeting Linux servers while monitoring numerous
Analysis of Attacks That Install Scanners on Linux SSH Servers
AhnLab Security Emergency response Center (ASEC) analyzes attack campaigns against poorly managed Linux SSH servers and shares the results on the ASEC Blog. Before installing malware such as DDoS bot and CoinMiner, the threat actors need to obtain information on the attack target, that is the IP address and SSH
