Security researchers have detected a botnet that targeted PostgreSQL databases. Researchers at Unit 42 of Palo Alto Networks said that the botnet works by launching brute-force attacks against internet-accessible PostgreSQL databases. The botnet picks a public network range at random, then iterates through all IP addresses in that range, searching for systems with the PostgreSQL port exposed on the Internet.
If the miner detects an active PostgreSQL system, the botnet shifts from the scanning phase to the brute-force phase. There it works through a long password list in an attempt to guess the credentials for “postgres”, the default PostgreSQL account.
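For defenders, the brute-force phase described above is visible in the PostgreSQL server log. The following is an added example, not code from Unit 42 or from the original article: it flags any client that fails authentication as "postgres" repeatedly within a short window and notes whether a successful login followed. It assumes log_line_prefix = '%m [%p] %h ' and log_connections = on; the threshold, window and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log_line_prefix = '%m [%p] %h ' (timestamp, pid, client host).
LINE = re.compile(
    r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+ \S+ \[\d+\] (?P<host>\S+) '
    r'(?P<level>FATAL|LOG):\s+(?P<msg>.*)$')
FAILED = re.compile(r'password authentication failed for user "postgres"')
AUTHORIZED = re.compile(r'connection authorized: user=postgres\b')

def detect(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {host: {"failures": n, "success_after": bool}} for hosts that
    reach `threshold` failed "postgres" logins within `window`."""
    recent = defaultdict(deque)   # host -> failure timestamps inside window
    flagged = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue              # line does not match the assumed prefix
        ts = datetime.strptime(m['ts'], '%Y-%m-%d %H:%M:%S')
        host, msg = m['host'], m['msg']
        if m['level'] == 'FATAL' and FAILED.search(msg):
            q = recent[host]
            q.append(ts)
            while ts - q[0] > window:      # drop failures older than window
                q.popleft()
            if host in flagged:
                flagged[host]['failures'] += 1
            elif len(q) >= threshold:
                flagged[host] = {'failures': len(q), 'success_after': False}
        elif m['level'] == 'LOG' and AUTHORIZED.search(msg) and host in flagged:
            # A login that succeeds after a burst of failures needs triage first.
            flagged[host]['success_after'] = True
    return flagged

SAMPLE_LOG = [  # constructed lines, not taken from a real incident
    f'2020-01-01 03:14:{s:02d}.000 UTC [4{s:03d}] 203.0.113.7 FATAL:  '
    'password authentication failed for user "postgres"' for s in range(6)
] + [
    '2020-01-01 03:14:09.000 UTC [4100] 203.0.113.7 LOG:  connection authorized: user=postgres database=postgres',
    '2020-01-01 03:20:00.000 UTC [4200] 198.51.100.20 FATAL:  password authentication failed for user "postgres"',
    '2020-01-01 03:20:05.000 UTC [4201] 198.51.100.20 LOG:  connection authorized: user=postgres database=postgres',
]

if __name__ == '__main__':
    print(detect(SAMPLE_LOG))
```

A host reported with success_after set to True is the case to escalate, since it means a password guess may have worked.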