KashmirBlack campaign started around November 2019. It usually aims for popular CMS platforms such as WordPress, Magneto, Drupal, Joomla! and others.
KashmirBlack uses resources of compromised systems to mine Monero cryptocurrency and to redirect legitimate traffic to spam pages.
According to Imperva researchers, the botnet is believed to be the work of a hacker named Exect1337, a member of the Indonesian hacker crew PhantomGhost.