From poisoned search results to GPU mining: A cryptojacking campaign abusing ScreenConnect and Microsoft .NET utilities

Source Metadata

• Source: Microsoft Security Blog
• Canonical URL: https://www.microsoft.com/en-us/security/blog/2026/05/26/poisoned-search-results-gpu-mining-cryptojacking-campaign-abusing-screenconnect-microsoft-net-utilities/
• Additional references: none
• Published at: Tue, 26 May 2026 21:35:34 +0000
• Fetched at: 2026-05-31T21:15:24Z
• Trust level: vendor

Why It Matters

• Source type: Threat Intelligence
• Severity hint: medium (Security-relevant vulnerability/news signal.)
• Extracted signals: none detected deterministically

What SecOpsAI Can Detect

SecOpsAI can turn this source-backed item into a triage task, link it to local SOC findings, and track any source-backed detections or mitigations added during review.

Extracted Intelligence

CVEs

• None found deterministically; reviewer should confirm source details.

Affected Packages Or Products

• None found deterministically; reviewer should add source-backed affected assets if present.

IOCs

• None found deterministically; reviewer should add source-backed indicators if present.

Recommended Actions

• Compare the source-backed claim against local assets and current SOC findings.
• Create a follow-up triage task if the affected technology is present.
• Document whether this item requires a new advisory, detection, or mitigation note.

Operator Commands

secopsai triage summary
secopsai research preflight
secopsai supply-chain advisory list
secopsai blog news-review show news-fd4fa178ee21e94e-from-poisoned-search-results-to-gpu-mining-a-cryptojacking-campaign

References

• https://www.microsoft.com/en-us/security/blog/2026/05/26/poisoned-search-results-gpu-mining-cryptojacking-campaign-abusing-screenconnect-microsoft-net-utilities/