Monero-Mining Botnet Targets Redis and OrientDB Servers

A Monero-mining botnet, dubbed DDG, is targeting Redis servers via brute-force attacks and OrientDB servers via the CVE-2017-11467 remote code execution vulnerability. DDG's script is easily modified by threat actors and has been observed delivering versions of the Mirai DDoS malware. The botnet is associated with three Monero wallet addresses and seeks to generate revenue for its developers by consuming the CPU and memory of vulnerable servers. While the majority of impacted servers are located in China, approximately 11 percent are located within the United States. The NJCCIC recommends that users and administrators of Redis servers update their database credentials to lengthy and complex passwords. OrientDB server administrators and users are encouraged to update their OrientDB server software as soon as possible.
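One way for a Redis administrator to check a configuration against the brute-force exposure described above, as an added example that is not part of the advisory and not code from any party named in it. It parses a redis.conf-style text, flags a missing, short or simple `requirepass`, an all-interfaces `bind`, and `protected-mode no`, and can produce a replacement password; the 32-character threshold and the two sample configurations are constructed assumptions.

```python
"""Audit redis.conf for settings that leave the server open to credential
brute forcing. Added example; thresholds and samples are assumptions."""
import secrets
import string

MIN_PASSWORD_LEN = 32  # assumed policy value for "lengthy"
# Characters safe to place unquoted in redis.conf (assumed safe subset).
PW_ALPHABET = string.ascii_letters + string.digits + "-_.!@%+="


def parse_redis_conf(text):
    """Map each directive to its last value, ignoring blanks and comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        conf[parts[0].lower()] = value
    return conf


def is_complex(pw):
    """True when the password draws on at least three character classes."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, "-_.!@%+=" + string.punctuation)
    return sum(any(c in cls for c in pw) for cls in classes) >= 3


def audit(conf):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    pw = conf.get("requirepass", "")
    if not pw:
        findings.append("requirepass not set: unauthenticated access allowed")
    elif len(pw) < MIN_PASSWORD_LEN or not is_complex(pw):
        findings.append("requirepass short or simple: brute-forceable")
    # Older Redis builds listen on every interface when bind is absent.
    if any(a in ("0.0.0.0", "::", "*") for a in conf.get("bind", "0.0.0.0").split()):
        findings.append("bind exposes Redis on all interfaces")
    if conf.get("protected-mode", "yes").lower() == "no":
        findings.append("protected-mode disabled")
    return findings


def generate_password(length=MIN_PASSWORD_LEN):
    """CSPRNG password from the safe alphabet, retried until complex."""
    while True:
        pw = "".join(secrets.choice(PW_ALPHABET) for _ in range(length))
        if is_complex(pw):
            return pw


# Constructed samples: a weak configuration and its hardened counterpart.
WEAK_CONF = "bind 0.0.0.0\nprotected-mode no\nrequirepass redis123\n"
HARDENED_CONF = ("bind 127.0.0.1\nprotected-mode yes\n"
                 f"requirepass {generate_password()}\n")
```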