Cisco Talos Blog

July 14, 2021 08:20

Following the Money: Comparing cryptocurrency value to illicit mining activity

By Nick Biasini In the age of meme stocks, Robinhood and Elon Musk's tweets influencing the global economy, cryptocurrency mining has not seemed as fringe as it once did. Mining has been around as long as these crytocurrencies have, but only really started to gather the att

October 13, 2020 10:59

Lemon Duck brings cryptocurrency miners back into the spotlight

By Vanja Svajcer, with contributions from Caitlin Huey. * We are used to ransomware attacks and big-game hunting making headlines, but there are still methods adversaries use to monetize their efforts in less intrusive ways. * Cisco Talos recently recorded increased activity

September 17, 2019 11:09

Cryptocurrency miners aren’t dead yet: Documenting the voracious but simple “Panda”

By Christopher Evans and David Liebenberg. Executive summary A new threat actor named "Panda" has generated thousands of dollars worth of the Monero cryptocurrency through the use of remote access tools (RATs) and illicit cryptocurrency-mining malware. This is far fr

December 18, 2018 11:33

Connecting the dots between recently active cryptominers

Post authored by David Liebenberg and Andrew Williams. Executive Summary Through Cisco Talos' investigation of illicit cryptocurrency mining campaigns in the past year, we began to notice that many of these campaigns shared remarkably similar TTPs, which we at first mistak

August 30, 2018 11:26

Rocke: The Champion of Monero Miners

This post was authored by David Liebenberg. Summary Cryptocurrency miners are becoming an increasingly significant part of the threat landscape. These malicious miners steal CPU cycles from compromised devices to mine cryptocurrencies and bring in income for the threat actor.