Experts observed dozens of unsecured Elasticsearch and MongoDB instances exposed online that were inexplicably wiped by threat actors as part of a campaign tracked as Meow attack.
The Meow attack began recently and attackers did not leave any ransom note or disclaimer after the hack of the install.
Immediately after the first attacks, security experts started searching for vulnerable databases exposed online.
One of the recent Meow attacks targeted the Hong Kong-based VPN provider UFO VPN, hackers targeted its Elasticsearch database. Recently vpnMentor experts reported that seven Virtual Private Network (VPN) left 1.2 terabytes of private user data exposed to online.
Security researcher Bob Diachenko reported that the database was first secured in July, but unfortunately, it was exposed a few days later when it was hit by a Meow attack.
As result of the attack all the records were wiped and no message was left on the server.
“After the exposed data had been secured, it resurfaced a second time on July 20 at a different IP address. This dataset, which we believe was exposed a second time by UFO VPN, was even bigger and contains records as recent as July 19.” reported Diachenko. “July 20, 2020: The second exposed dataset was attacked, and almost all of the records destroyed by a “Meow” bot attack. Only newly added records remained.”
Experts believe that the threat actors are using a botnet to automate the attack, but it is still unclear which is their motivation.
“Diachenko told BleepingComputer that there are not many details about the attacker or the purpose of their actions. He says that the attack appears to be an automated script that “overwrites or destroys the data completely.”” reported BleepingComputer.
To avoid being victims of the meow attack, administrators should secure their system and avoid exposing them as result of misconfigurations.
(SecurityAffairs – hacking, meow attack)