Unistellar Hacking Group Took Over and Wiped 12,000 Unsecured MongoDB Databases


Security experts have always warned of the risks of leaving cloud databases unprotected. However, despite back-to-back reports of open databases and the subsequent attempts to close them down, the efforts seem to be in vain. Some hackers have now taken to wiping these unsecured databases. Reportedly, the Unistellar hacking group has wiped out more than 12,000 open MongoDB databases.

Unistellar Hacking Group Hacked Open MongoDB Databases

Researcher Sanyam Jain has spotted thousands of allegedly hacked/wiped out databases. As observed, a hacking group has taken over all those databases, wiping out contents and leaving a note for the owners.

According to findings he shared with Bleeping Computer, Jain used BinaryEdge to find more than 12,564 unsecured MongoDB databases that had been taken over by hackers. He found the Unistellar hacking group to be behind these attacks. Considering a total of 63,000+ MongoDB databases indexed with BinaryEdge, it seems the hackers have wiped out roughly 20% of all databases.

The researcher first noticed this incident on April 24, 2019, when, instead of getting leaked data, he found a note contained in the unprotected database. Scratching the surface further revealed that the hackers supposedly ask the database owners for a ransom in exchange for restoration. The researcher believes that the hackers have probably created restore points for the data.

Generally, the attackers mention one of the two email addresses in the note, [email protected] or [email protected], revealing their identity. However, tracking them remains difficult since they do not mention any other details – not even the cryptocurrency address.

Technical Details Still Undisclosed

For now, the technicalities behind these database attacks remain undisclosed. Allegedly, the method looks largely automated. According to Bleeping Computer,

After connecting to one of the publicly accessible MongoDB databases left unprotected on the Internet, the script or program used to do it is also configured to indiscriminately delete every unsecured MongoDB it can find, and then to add the ransom tables.

It is not yet confirmed whether any victims have paid a ransom to the attackers.

Earlier this month, the researcher Bob Diachenko also reported a similar incident. He found and reported an unsecured database holding 275 million records belonging to Indian citizens. Even after his report to the Indian CERT, it remained unprotected and was eventually hacked by Unistellar.

Certainly, it is high time that the organizations take robust security measures to protect their cloud databases. Otherwise, we may expect to see a rise in such incidents.

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]