Experts observed dozens of unsecured Elasticsearch and MongoDB instances exposed online that were inexplicably wiped by threat actors as part of a campaign tracked as Meow attack.
The Meow attack began recently and attackers did not leave any ransom note or disclaimer after the hack of the install.
Immediately after the first attacks, security experts started searching for vulnerable databases exposed online.
One of the recent Meow attacks targeted the Hong Kong-based VPN provider UFO VPN, hackers targeted its Elasticsearch database. Recently vpnMentor experts reported that seven Virtual Private Network (VPN) left 1.2 terabytes of private user data exposed to online.
Security researcher Bob Diachenko reported that the database was first secured in July, but unfortunately, it was exposed a few days later when it was hit by a Meow attack.
As result of the attack all the records were wiped and no message was left on the server.
“After the exposed data had been secured, it resurfaced a second time on July 20 at a different IP address. This dataset, which we believe was exposed a second time by UFO VPN, was even bigger and contains records as recent as July 19.” reported Diachenko. “July 20, 2020: The second exposed dataset was attacked, and almost all of the records destroyed by a “Meow” bot attack. Only newly added records remained.”
Experts believe that the threat actors are using a botnet to automate the attack, but it is still unclear which is their motivation.
“Diachenko told BleepingComputer that there are not many details about the attacker or the purpose of their actions. He says that the attack appears to be an automated script that “overwrites or destroys the data completely.”” reported BleepingComputer.
To avoid being victims of the meow attack, administrators should secure their system and avoid exposing them as result of misconfigurations.
(SecurityAffairs – hacking, meow attack)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.