Threat Actor Mimo Targets Magento and Docker to Deploy Crypto Miners and Proxyware
Briefly

"Mimo exploits vulnerabilities in Magento CMS and Docker instances, using PHP-FPM command injection for initial access and employing advanced techniques for evasion and persistence."
"Recent operations by Mimo suggest a transition to more sophisticated tactics, including the deployment of GSocket for maintaining access and using in-memory payloads to avoid detection."
Mimo, a threat actor, has transitioned from exploiting Craft CMS to targeting Magento CMS and misconfigured Docker instances. The group capitalizes on N-day security flaws to deploy cryptocurrency miners. Recent activities include exploiting CVE-2025-32432 in Craft CMS and using PHP-FPM vulnerabilities in Magento to gain access. Mimo's tactics now involve deploying GSocket for persistent access and using in-memory payloads to avoid detection while deploying proxyware and miners on compromised machines.
Read at The Hacker News