The attack targets servers in East Asia and Latin America, and is also affecting machines hosted on Amazon Web Services (AWS). There are more than 70,000 affected servers so far.
SpeakUp's modus operandi combines brute-force access, analysis of the network environment and the use of remote code execution vulnerabilities. The tasks SpeakUp receives from the command and control center it connects to mainly involve downloading and executing files. It also uses XMRig miners.
Given the complexity of the malware, Check Point warns that SpeakUp could become a more dangerous threat, as it could allow the deployment of “additional payloads that are potentially more intrusive and offensive”.