Chinese Hackers Use New Cryptojacking Tactics to Evade Detection

Chinese Hackers Use New Cryptojacking Tactics to Evade Detection

Chinese-speaking cybercrime group Rocke, known for operating multiple large-scale malicious crypto-mining campaigns, has now switched to new Tactics, Techniques, and Procedures (TTPs), including new C2 infrastructure and updated malware to evade detection.

Rocke is a financially motivated threat group first spotted in April 2018 by Cisco Talos researchers while exploiting unpatched Apache Struts, Oracle WebLogic, and Adobe ColdFusion servers, and dropping cryptomining malware from attacker-controlled Gitee and GitLab repositories.

During January, Palo Alto Network’s Unit 42 team found code that uninstalls multiple cloud security and monitoring products developed by Tencent Cloud and Alibaba Cloud from Linux servers, after analyzing new Rocke malware samples.

Rocke’s new…


Source link

About coldfusion

Check Also

Ransomware actor exploits unsupported ColdFusion servers — but comes away empty-handed

Servers are always a point of interest for threat actors as they are one of …

Leave a Reply

Your email address will not be published. Required fields are marked *