Unistellar Hacking Group Took Over and Wiped 12,000 Unsecured MongoDB Databases

Security experts have always warned of the risks for leaving cloud databases unprotected. However, despite back-to-back reports of open databases and the subsequent attempts to close them down, the efforts seem to go in vain. Some hackers have to wipe these unsecured databases. Reportedly, the Unistellar hacking group has wiped out more than 12,000 open MongoDB databases.

Unistellar Hacking Group Hacked Open MongoDB Databases

Researcher Sanyam Jain has spotted thousands of allegedly hacked/wiped out databases. As observed, a hacking group has taken over all those databases, wiping out contents and leaving a note for the owners.

As per his findings shared with Bleeping Computer, Jain found more than 12,564 unsecured MongoDB databases via BinaryEdge were taken over by hackers. He found the Unistellar hacking group behind to be behind these attacks. Considering a total of 63,000+ MongoDB databases indexed with BinaryEdge, it seems the hackers have wiped out roughly 20% of all databases.

The researcher first noticed this incident on April 24, 2019, when, instead of getting leaked data, he found a note contained in the unprotected database. Scratching the surface further they revealed that the hackers supposedly ask for ransom from the database owners for restoration. The researcher believes that the hackers probably have created restore points for the data.

Generally, the attackers mention one of the two email addresses in the note, unistellar@hotmail.com or unistellar@yandex.com, revealing their identity. However, tracking them remains difficult since they do not mention any other details – not even the cryptocurrency address.

Technical Details Still Unveiled

For now, the technicalities behind this action of hacking databases remain unveiled. Allegedly, the method looks largely automated. According to Bleeping Computer,

After connecting to one of the publicly accessible MongoDB databases left unprotected on the Internet, the script or program used to do it is also configured to indiscriminately delete every unsecured MongoDB it can find, and then to add the ransom tables.

It is yet unconfirmed if any victims have paid ransom to the attackers until now.

Earlier this month, the researcher Bob Diachenko also reported a similar incident. He found and reported the unsecured database having 275 million records belonging to Indian citizens. Even after his report to the Indian CERT, it remained unprotected, and eventually, hacked by Unistellar.

Certainly, it is high time that the organizations take robust security measures to protect their cloud databases. Otherwise, we may expect to see a rise in such incidents.

Take your time to comment on this article.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients