23 July 2020

Mysterious “Meow” attack destroys data stored on dozens of unsecured Elasticsearch and MongoDB servers


Dozens of unsecured Elasticsearch and MongoDB instances exposed on the internet have fallen victim to a campaign tracked as the Meow attack, in which malicious actors wipe databases without any explanation or ransom note.

The attacks were first spotted by security researcher Bob Diachenko. One of the recent Meow attacks was observed targeting the Elasticsearch database belonging to Hong Kong-based VPN provider UFO VPN, which made headlines recently when researchers from vpnMentor reported that seven Virtual Private Network services (UFO VPN, FAST VPN, FREE VPN, SUPER VPN, Flash VPN, Secure VPN, and Rabbit VPN) leaked 1.2 terabytes of private user data.

According to Diachenko, UFO VPN secured its database at the beginning of July, but on July 20 the database resurfaced at a different IP address and contained records as recent as July 19. On the same day, the exposed database was wiped in a Meow attack, with only recent records remaining.

Since then, Meow and a similar attack have destroyed more than 1,000 other databases. A recent Shodan search showed that 987 Elasticsearch and 70 MongoDB instances have been affected by the Meow attack.

Diachenko said that not much is known about the attackers or the reasoning behind their actions. The researcher said that the attack appears to be an automated script that “overwrites or destroys the data completely.”
