Chinese Hackers Use New Cryptojacking Tactics to Evade Detection

Chinese-speaking cybercrime group Rocke, known for operating multiple large-scale malicious crypto-mining campaigns, has now switched to new Tactics, Techniques, and Procedures (TTPs), including new C2 infrastructure and updated malware to evade detection.

Rocke is a financially motivated threat group first spotted in April 2018 by Cisco Talos researchers while exploiting unpatched Apache Struts, Oracle WebLogic, and Adobe ColdFusion servers, and dropping cryptomining malware from attacker-controlled Gitee and GitLab repositories.

During January, Palo Alto Network’s Unit 42 team found code that uninstalls multiple cloud security and monitoring products developed by Tencent Cloud and Alibaba Cloud from Linux servers, after analyzing new Rocke malware samples.

Rocke’s new…


Source link

About coldfusion

Check Also

Cloud Attacks Are Bypassing MFA, Feds Warn – Threatpost

CISA has issued an alert warning that cloud services at U.S. organizations are being actively …

Leave a Reply

Your email address will not be published. Required fields are marked *