Almost nine days after attacks on MongoDB servers have ramped up, the number of ransacked databases has reached 32,380 hosts, and the number of groups involved in these attacks has grown to 21, after initially just one group had been involved.
Of these groups, the biggest and badest of them all is Kraken, a threat actor with some experience in cyber crime, after it had previously coded and attempted to distribute its own brand of ransomware.
The Kraken group got involved in attacks on January 6, and after two days it made nearly 16,000 victims and over $6,200.
Five days later after, the same group has now infected over 21,600 MongoDB instances, and according to its Bitcoin wallet, has made 9.8 Bitcoin (~$7,700).MongoDB realty is slimming down
But there's so many MongoDB databases you can hijack. According to Shodan, there are around 50,000 MongoDB servers open to external connections, and according to ZoomEye, a similar search engine for Internet-connected services,...(continued)