RE: https://mastodon.social/@invirtuate/116675095977215867

I wrote up a new #blog post about the recent incident on Friday about a #cryptomining campaign that appears to be coming back from the dead after being quiet for a few years.

#infosec #cybersecurity #malware

We had an #incident this past Friday with a #cryptomining attack. The attacker managed to break into an #nginx proxy node. We have created a #blog post about the incident documenting the attack and some changes that we've made.

https://invirtuate.com/blog/incidents/ElPatrono1337-color1337-cryptomining-attack

#infosec #cybersecurity #minnesota #mnastodon

ElPatrono1337 (color1337) cryptomining and bruteforce attack on Linux systems

ElPatrono1337 (color1337) cryptomining malware targets Linux systems, attempts to cryptomine and spread itself like a worm by bruteforcing SSH accounts.

Louisville Public Media: Massive new data center project announced in northeastern Kentucky. “TeraWulf says the Muskie Data Campus will eventually need more than one gigawatt of electricity, or enough to support more than 800,000 average homes for an entire year. The bitcoin mining company expects to need its first 500 megawatts by the second half of 2028 and the rest in 2030.”

https://rbfirehose.com/2026/05/31/louisville-public-media-massive-new-data-center-project-announced-in-northeastern-kentucky/

New AI-compute cryptocurrency Pearl sparks a GPU mining rush but profitability is already sliding — RTX 5090 daily revenue has halved to $17.19 since April

https://fed.brid.gy/r/https://www.tomshardware.com/tech-industry/cryptomining/new-ai-compute-cryptocurrency-pearl-sparks-a-gpu-mining-rush-but-profitability-is-sliding

Cybercrime Gang Targets Fans with Miner Malware via Pirated Media Sites

Millions of fans are unwittingly getting hacked when they visit popular pirated media sites, with a staggering 40 million visits to infected sites in April alone. A sneaky malware campaign is using fake video player updates to infect devices with cryptomining and remote-access malware.

https://osintsights.com/cybercrime-gang-targets-fans-with-miner-malware-via-pirated-media-sites?utm_source=mastodon&utm_medium=social

#MalwareOperations #MinerMalware #PiratedMedia #Cryptomining #RemoteaccessCampaign


Middle East Malicious Infrastructure Report: 1,350+ C2 Servers Mapped Across 98 Providers

Between February and May 2026, over 1,350 active command-and-control servers were identified across 98 infrastructure providers spanning 14 Middle Eastern countries. Saudi Arabia's STC hosted 981 C2 servers, representing 72.4% of all regional malicious infrastructure, the largest concentration globally. C2 infrastructure dominated at 96.8% of detected activity, with IoT-focused botnets like Hajime, Mozi, and Mirai, alongside offensive frameworks including Tactical RMM, Cobalt Strike, and Sliver representing the primary malware families. The infrastructure supported diverse operations from state-sponsored espionage campaigns like Eagle Werewolf targeting state entities, to Malware-as-a-Service platforms, cryptomining operations, and destructive attacks such as DYNOWIPER. Key providers included SERVERS TECH FZCO in UAE, OMC in Israel, Türk Telekom, and Regxa in Iraq, demonstrating how telecommunications giants and specialized hosting services enable both commodity cybercrime and advanced persistent threat op...

Pulse ID: 6a0f8f36422c8adb515a9804
Pulse Link: https://otx.alienvault.com/pulse/6a0f8f36422c8adb515a9804
Pulse Author: AlienVault
Created: 2026-05-21 23:03:18

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CobaltStrike #CryptoMining #CyberCrime #CyberSecurity #Espionage #InfoSec #IoT #Israel #Malware #MalwareAsAService #MiddleEast #Mirai #OTX #OpenThreatExchange #RAT #SaudiArabia #Sliver #Telecom #Telecommunication #UAE #bot #botnet #AlienVault


Inside a Tor Backed Supply Chain Worm

A sophisticated npm supply chain attack was uncovered involving the typosquatted package crypto-javascri, designed to mimic the legitimate crypto-js library. The malware harvests npm and GitHub credentials from infected systems, hijacks maintainer accounts, and automatically republishes trojanized versions of packages under trusted identities. The final payload incorporates a weaponized Arti Tor client with credential theft, cryptomining capabilities, privilege escalation via SUID exploitation, and systemd-based persistence mechanisms. The campaign specifically targets Linux developer systems and CI/CD environments, using Tor-based command-and-control infrastructure to maintain anonymity and resilience. The attack creates significant downstream supply chain risk through its worm-like propagation model.

Pulse ID: 6a0d970b3015e77563f4a9fa
Pulse Link: https://otx.alienvault.com/pulse/6a0d970b3015e77563f4a9fa
Pulse Author: AlienVault
Created: 2026-05-20 11:12:11

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CryptoMining #CyberSecurity #GitHub #InfoSec #Java #Linux #Malware #Mimic #NPM #OTX #OpenThreatExchange #RAT #Rust #SMS #SupplyChain #Trojan #Worm #bot #AlienVault

Whatsminer P566Z P564Z power supply for M63 M63S series

Original Whatsminer P566Z P564Z power supply PSU is compatible with M63, M63S, M63S plus, M63S plus plus, and M65S plus miners.

Zeus Mining