Chinese Hackers Use New Cryptojacking Tactics to Evade Detection

Chinese-speaking cybercrime group Rocke, known for operating multiple large-scale malicious crypto-mining campaigns, has now switched to new Tactics, Techniques, and Procedures (TTPs), including new C2 infrastructure and updated malware to evade detection.

Rocke is a financially motivated threat group first spotted in April 2018 by Cisco Talos researchers while exploiting unpatched Apache Struts, Oracle WebLogic, and Adobe ColdFusion servers, and dropping cryptomining malware from attacker-controlled Gitee and GitLab repositories.

During January, Palo Alto Network’s Unit 42 team found code that uninstalls multiple cloud security and monitoring products developed by Tencent Cloud and Alibaba Cloud from Linux servers, after analyzing new Rocke malware samples.

Rocke’s new…

Source link

About coldfusion

Check Also

Microsoft’s end-of-summer software security cleanse crushes more than 80 bugs • The Register

Patch Tuesday For its September Patch Tuesday, Microsoft churned out fixes for 66 vulnerabilities alongside …

Leave a Reply

Your email address will not be published. Required fields are marked *