Users of Microsoft SQL were falling victim to malicious software. Attackers managed to covertly mine Monero and another dollar-tied altcoin, Vollar (VDS), which combines elements of privacy and smart contracts.
The name of the Vollgar botnet refers to this token, as well as to the brute-force way it gains access to the victim's server, by trying possible password combinations (from the English "burglar", i.e. "cracker").
Machines belonging to organizations in the health, aviation, education, IT and telecommunications sectors in China, India, South Korea, Turkey, and the United States were infected.
Vollgar attacks came from over 120 IP addresses, mostly from China. According to experts, these are compromised machines, repurposed to scan for and infect new victims.
Victims were far from always aware of the botnet's activity. According to Guardicore Labs, one in five hacked servers remained infected for one to two weeks. Researchers emphasized that the attackers successfully circumvented antivirus and EDR technologies.