Intrusions commence with brute-force attempts to guess the PostgreSQL database's credentials, which when achieved would be followed by the establishment of a superuser role that would ensure database access even after modifications to the original credentials.
Article Link: Cryptomining aimed by new PostgreSQL database-targeting malware | SC Media