Elasticsearch is no stranger to cybercriminal abuse given its popularity and use to organizations. In fact, this year’s first quarter saw a surge of attacks — whether by exploiting vulnerabilities or taking advantage of security gaps — leveled against Elasticsearch servers. These attacks mostly delivered cryptocurrency-mining malware, as in the case of one attack we saw last year. The latest attack we spotted deviates from the usual profit-driven motive by delivering backdoors as its payload. These threats can turn affected targets into botnet zombies used in distributed-denial-of-service (DDoS) attacks.

REFERENCE:
https://blog.trendmicro.com/trendlabs-security-intelligence/multistage-attack-delivers-billgates-setag-backdoor-can-turn-elasticsearch-databases-into-ddos-botnet-zombies/