Cybercrime Group
Blue Mockingbird
Active since 2019
Blue Mockingbird breaks into web servers and installs cryptocurrency mining software. They use your servers' processing power to mine cryptocurrency without your knowledge, making money for themselves while slowing down your systems.
Overview
Blue Mockingbird is a financially motivated threat group that exploits vulnerabilities in public-facing servers to deploy cryptocurrency miners. They use living-off-the-land techniques for persistence.
Target Industries
Technology, Healthcare, Manufacturing, All Industries
Target Regions
Global
Tactics, Techniques & Procedures
- Public-facing application exploitation
- Cryptomining deployment
- Living off the land
- COR_PROFILER persistence
- Windows scheduled tasks
Known Tools & Malware
XMRIG, Mimikatz, PowerShell scripts, COR_PROFILER hijack
Notable Campaigns
Telerik UI Exploitation (2020)
Exploited Telerik UI vulnerabilities to deploy miners.
Widespread Cryptomining (2019-present)
Ongoing operations deploying XMRIG miners on Windows servers.
MITRE ATT&CK Techniques
T1190 (Exploit Public-Facing Application), T1496 (Resource Hijacking), T1059.001 (Command and Scripting Interpreter: PowerShell), T1574.012 (Hijack Execution Flow: COR_PROFILER), T1053.005 (Scheduled Task/Job: Scheduled Task)
Defense Recommendations
1. Patch public-facing web applications
2. Monitor for cryptocurrency mining activity
3. Block COR_PROFILER hijacking
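As an added example (not part of this profile and not code from the group or any vendor), the following PowerShell audit supports recommendation 3. A COR_PROFILER hijack (T1574.012) works by setting the .NET profiler environment variables so that every .NET process loads an attacker-chosen DLL; those variables persist in the machine or user Environment registry keys, and when COR_PROFILER holds a CLSID the DLL path sits under that CLSID's InprocServer32 key. The script reads those locations and the current session, then reports anything it finds. It assumes a Windows host with rights to read HKLM; the function and variable names are ours.

```powershell
# Added example: audit the locations a COR_PROFILER hijack relies on.
# Assumes Windows PowerShell 3+ with read access to HKLM and HKCU.

# Profiler variables for .NET Framework (COR_*) and .NET Core (CORECLR_*)
$ProfilerNames = @(
    'COR_ENABLE_PROFILING', 'COR_PROFILER', 'COR_PROFILER_PATH',
    'COR_PROFILER_PATH_32', 'COR_PROFILER_PATH_64',
    'CORECLR_ENABLE_PROFILING', 'CORECLR_PROFILER', 'CORECLR_PROFILER_PATH'
)

# Registry keys that hold persistent environment variables
$RegistryScopes = @{
    'Machine (HKLM)' = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment'
    'User (HKCU)'    = 'HKCU:\Environment'
}

function Get-CorProfilerFindings {
    $findings = @()

    # 1. Persistent variables in the registry (survive reboot, apply to new processes)
    foreach ($scope in $RegistryScopes.Keys) {
        $path = $RegistryScopes[$scope]
        if (-not (Test-Path $path)) { continue }
        $values = Get-ItemProperty -Path $path
        foreach ($name in $ProfilerNames) {
            $prop = $values.PSObject.Properties[$name]
            if ($null -ne $prop) {
                $findings += [pscustomobject]@{ Scope = $scope; Name = $name; Value = $prop.Value }
            }
        }
    }

    # 2. The same variables in the current session's environment
    foreach ($name in $ProfilerNames) {
        $item = Get-Item -Path "Env:$name" -ErrorAction SilentlyContinue
        if ($item) {
            $findings += [pscustomobject]@{ Scope = 'Current session'; Name = $name; Value = $item.Value }
        }
    }

    # 3. If COR_PROFILER / CORECLR_PROFILER is a CLSID, resolve the DLL it registers
    $clsidFindings = @($findings | Where-Object { $_.Name -in 'COR_PROFILER', 'CORECLR_PROFILER' })
    foreach ($f in $clsidFindings) {
        foreach ($hive in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKCU:\SOFTWARE\Classes\CLSID') {
            $clsidKey = Join-Path $hive "$($f.Value)\InprocServer32"
            if (Test-Path $clsidKey) {
                $dll = (Get-ItemProperty -Path $clsidKey).'(default)'
                $findings += [pscustomobject]@{ Scope = "CLSID registration ($hive)"; Name = $f.Value; Value = $dll }
            }
        }
    }

    return $findings
}

$results = Get-CorProfilerFindings
if ($results.Count -eq 0) {
    Write-Output 'No COR_PROFILER / CORECLR_PROFILER configuration found.'
} else {
    Write-Output 'Profiler configuration present; confirm each entry belongs to an approved profiling or APM tool:'
    $results | Format-Table -AutoSize
}
```

Legitimate application-performance-monitoring agents set the same variables, so treat each hit as something to verify against the server's approved software rather than as proof of compromise; a profiler DLL in a world-writable or unusual directory, or one whose CLSID was registered under HKCU, is the pattern worth escalating. Run the audit from an elevated session so the HKLM key is readable, and note that it checks only the current user's HKCU hive.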