A report from the Australian Cyber Security Centre highlights a vulnerability related to attacks using cryptojacking malware.
The Australian Cyber Security Centre said a group of “state actors” hacked Australian networks on June 19 and one of the vulnerabilities they exploited is related to cryptojacking malware attacks.
According to the 48-page report released on June 24, the threat actors exploited four critical vulnerabilities in Telerik UI, including CVE-2019-18935, which was recently leveraged by the Blue Mockingbird malware gang to infect thousands of systems with XMRRig, a Monero (XMR) mining software.
Vulnerability mostly used for cryptojacking purposes
Although the advisory didn’t say if hackers could have installed cryptojacking malware during the recent massive cyberattack, such vulnerability is the preferred one for the cybercriminals for installing crypto-mining applications within corporate networks.
The report elaborates on the CVE-2019-18935 vulnerability, which also has similarities with the ones that Cointelegraph reported on the Blue Mockingbird’s attack, although it doesn’t imply that such gang participated in the cyberattack against Australia:
“Other exploit payloads were identified by the ACSC most commonly when the actor’s attempt at a reverse shell was unsuccessful. These included: a payload that attempted to execute a PowerShell reverse shell; a payload that attempted to execute certutil.exe to download another payload; a payload that executed binary malware (identified in this advisory as HTTPCore) previously uploaded by the actor but which had no persistence mechanism; a payload that enumerated the absolute path of the web root and wrote that path to a file within the web root.”
Were state-backed Chinese hacker groups behind the attack?
Almost 10 Chinese hacker groups – engaged with espionage activities and allegedly have connections with China’s government – have the PlugX malware among their weapons, which was one of the malware identified in the Australian government’s report.
Some Australian officials have suggested that China could be behind the massive cyberattack, as the diplomatic issues have been on the rise between the two countries. It was said the attack could have come after Australia sought for an investigation on the origin of the COVID-19 virus, something that was not well-received the dragon nation officials, as they considered it a “discriminatory” accusation and responded with trade retaliation against the Oceanic country.
The Chinese government has denied the claims.
Source: , CoinTelegraph
Articles listed with Cash Tech News as the author are either general information, or may have been imported from another website, to bring our readers a rich media experience that encompasses articles that we find interesting, as well as those curated by others.
The views and opinions expressed here are for informational purposes only, and should not be confused with professional financial advice. These opinions are solely those of the author and do not necessarily reflect the views of CashTechNews.com. Every investment and trade involves risk. You should conduct your own research, and contact your professional financial advisor before making any investment.
Corrections, feedback, and ideas should be submitted through the website contact form.