Tencent Yujian: Black production gangs use Apache Struts 2 vulnerability to mine and earn Monero coins

The Tencent Security Miami Threat Intelligence Center recently detected that the group used the Apache Struts 2 remote command execution vulnerability (CVE-2017-5638) to attack the windows server. From the list of files used by the group, the attack was mainly carried out through blasting or vulnerability exploitation. Windows server, has controlled about 270 servers, 44 mining Trojan servers have been issued, the group has earned 35,000 yuan from Monero coins.