Show vulnerabilities with patch / with exploit
23 July 2020

Mysterious “Meow” attack destroys data stored on dozens unsecured Elasticsearch and MongoDB servers


Mysterious “Meow” attack destroys data stored on dozens unsecured Elasticsearch and MongoDB servers

Dozens of unsecured Elasticsearch and MongoDB instances exposed on the internet have fallen victim to a campaign tracked as Meow attack, in which malicious actors wiping databases without any explanation or a ransomware note.

The attacks were first spotted by security researcher Bob Diachenko. One of the recent Meow attacks has been observed targeting the Elasticsearch database belonging Hong Kong-based VPN provider UFO VPN, which made the headlines recently when researchers from vpnMentor have reported that seven Virtual Private Network services (UFO VPN, FAST VPN, FREE VPN, SUPER VPN, Flash VPN, Secure VPN, and Rabbit VPN) leaked 1.2 terabytes of private user data.

According to Diachenko, UFO VPN secured its database at the beginning of July, but on July 20 the database resurfaced once again at a different IP address and contained records as recent as July 19. On the same day the exposed database was wiped in Meow attack, with only recent records remaining.

Since then, Meow and a similar attack have destroyed more than 1,000 other databases. A recent Shodan search has shown that 987 ElasticSearch and 70 MongoDB instances have been affected by Meow attack.

Diachenko said that there isn’t much known about the attackers or the reasoning behind their actions. The researcher said that the attack appears to be an automated script that “overwrites or destroys the data completely.”

Back to the list

Latest Posts

Israel says it averted a foreign cyber attack against defence industry

Israel says it averted a foreign cyber attack against defence industry

The cyber criminals attempted to gain access to Israeli defence databases by creating fake identities.
13 August 2020
Microsoft patches two actively exploited Windows, IE flaws

Microsoft patches two actively exploited Windows, IE flaws

Some similarities with previously discovered exploits suggest that the DarkHotel APT may be the culprit behind the attacks.
12 August 2020
TeamViewer vulnerablity could allow hackers to obtain system password

TeamViewer vulnerablity could allow hackers to obtain system password

The TeamViewer versions 8 through 15 (up to 15.8.2) for the Windows platform are impacted.
11 August 2020