Tencent Yujian: H2Miner gang exploits the SaltStack vulnerability to mine Monero and has made a profit of 3.7 million yuan

The Tencent Security Threat Intelligence Center detected that the H2Miner Trojan exploits SaltStack remote command execution vulnerabilities to compromise enterprise hosts for mining. According to the Tencent Security Threat Intelligence Center's big data statistics, H2Miner's attacks using the SaltStack vulnerabilities began on May 3 and are currently growing rapidly. When the H2Miner mining trojan runs, it tries to uninstall the server's security software and remove other mining trojans installed on the server in order to monopolize the server's resources. At present, the H2Miner cybercrime gang has illegally profited more than RMB 3.7 million by controlling servers to mine Monero.