Roughly 9,000 monero tokens (about $3.6 million) were forcibly mined following the hijacking of more than half a million machines by a cryptocurrency miner botnet.
According to reports the miner botnet responsible for the event was the Smominru bot net, now having gained a notorious reputation after mining 8,900 monero tokens from its first appearance in May 2017. At its peak, it has infected more than 526,000 Windows servers, a viable choice supposedly because of better processing capacity than computers, as well as the fact that they are always left on and running.
Based on a ZDNet report, the botnet is based on EternalBlue, aWindows exploit developed by the US National Security Agency, but leaked last year by the Shadow Brokers harcker group. Subsequently, Eternal Blue was also deployed alongside another NSA exploit, DoublePulsa, during the WannaCry attack.
Cybersecurity workers from various companies such as Proofpoint, ShadeowServer Foundation, and abuse.ch have all tried to stop the botnet from doing any more damage, but to little success. Even with their “sinkholing” technique, the botnet simply recovered quickly.
The attack launched by Smominur was global, although majority of the affected machines are reportedly the ones from Itndia, Taiwan, and Russia.