Recently, security researcher Bob Diachenko revealed a massive breach targeting an Indian organization, which resulted in the loss of 27.52 Cr records. The hacker group accessed a MongoDB instance that had no authentication, siphoned off the data, dropped/deleted the collections, and added a ransom-note record.
This is not an isolated instance of the Unistellar hacking group targeting a MongoDB server. Based on our research, we have come across almost 90+ MongoDB servers, belonging to various Indian organizations, that have been targeted by this group.
Worldwide, the Unistellar group has managed to take over more than 1000 instances of MongoDB servers. In the next few weeks, the number of victim organizations is going to increase exponentially.
The Unistellar hacker group's attack resulted in a data breach comprising around 2.53 Cr records. Furthermore, Unistellar has been going after high-value targets, i.e. judged by DB size and number of records. Hence, this hacking campaign could very well become one of the largest in recent times.
Advisory
- Implement authentication for your MongoDB instances.
- Initiate a security audit of your Internet-facing assets.