“Cybercriminals write malicious components in Python, while Pastebin and GitHub are used as code repositories,” Palo Alto Networks explains.
Researchers attribute the malware to a China-based cybercrime group known as Rocke. The group compromises cloud infrastructure and uses the hijacked compute to mine cryptocurrency; a victim organization often first notices the intrusion as a sharp rise in its cloud or electricity bills.
“During their attacks, cybercriminals exploit vulnerabilities discovered in 2016 and 2017. Attackers tried to avoid detection, so they penetrated the victim’s system, but not deeply,” wrote researchers at Palo Alto Networks.
The attackers obtain administrative access to cloud systems through a malicious program designed to hide its presence from traditional detection methods.
“By analyzing NetFlow data from December 2018 to June 16, 2019, we found that 28.1% of the cloud environments we surveyed had at least one fully established network connection with at least one known Rocke command-and-control (C2) domain. Several of those organizations maintained near daily connections. Meanwhile, 20% of the organizations maintained hourly heartbeats consistent with Rocke tactics, techniques, and procedures (TTPs),” report Palo Alto Networks specialists.
Compromised systems then connect to Rocke’s IP addresses and domains, which are hard-coded in the malware; those connections are what the NetFlow analysis detects.
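The NetFlow analysis described above (flagging fully established connections to known C2 infrastructure, then looking for hourly heartbeats) can be reproduced on a small scale. The script below is an added example, not Palo Alto Networks’ tooling; the flow records, the indicator list (placeholder addresses in the documentation ranges, not real Rocke infrastructure), the record format and the detection thresholds are all constructed for illustration. It assumes the destination hostname column has already been enriched from passive DNS, since raw NetFlow carries only IP addresses.

```python
"""Beacon detection over NetFlow-style records (added example, constructed data)."""
from collections import defaultdict
from datetime import datetime
from statistics import median, pstdev

# Hypothetical indicator list: placeholder domain and a TEST-NET address,
# standing in for the C2 domains/IPs hard-coded in the malware.
KNOWN_C2 = {"c2.example.invalid", "198.51.100.23"}

# Constructed flow records: timestamp,src_ip,dst_ip,dst_name,dst_port,tcp_flags
# Host 10.0.0.5 beacons to the C2 IP about once an hour with small jitter;
# 10.0.0.9 contacts the C2 domain twice, irregularly; 10.0.0.7 only sent a
# SYN (no handshake completed); the example.com flow is benign.
SAMPLE_FLOWS = [
    "2019-06-01T00:00:00,10.0.0.5,198.51.100.23,-,443,SA",
    "2019-06-01T01:00:00,10.0.0.5,198.51.100.23,-,443,SA",
    "2019-06-01T02:01:00,10.0.0.5,198.51.100.23,-,443,SA",
    "2019-06-01T03:00:00,10.0.0.5,198.51.100.23,-,443,SA",
    "2019-06-01T04:00:00,10.0.0.5,198.51.100.23,-,443,SA",
    "2019-06-01T00:17:00,10.0.0.9,203.0.113.8,c2.example.invalid,80,SA",
    "2019-06-01T09:42:00,10.0.0.9,203.0.113.8,c2.example.invalid,80,SA",
    "2019-06-01T05:00:00,10.0.0.7,198.51.100.23,-,443,S",
    "2019-06-01T00:30:00,10.0.0.5,93.184.216.34,example.com,443,SA",
]


def parse_flow(line):
    """Split one constructed record into a dict; dst_name is '-' when unknown."""
    ts, src, dst, dst_name, port, flags = line.strip().split(",")
    return {
        "ts": datetime.fromisoformat(ts),
        "src": src,
        "dst": dst,
        "dst_name": dst_name,
        "port": int(port),
        "flags": flags,
    }


def is_established(flow):
    """Treat a flow as fully established only if its TCP flags show SYN and ACK.

    A lone SYN (e.g. the C2 was sinkholed or egress-filtered) is still worth
    knowing about, but it is not the 'fully established' class the report counts.
    """
    return "S" in flow["flags"] and "A" in flow["flags"]


def matches_indicator(flow):
    return flow["dst"] in KNOWN_C2 or flow["dst_name"] in KNOWN_C2


def find_c2_contacts(lines):
    """Return established flows whose destination IP or name is a known C2."""
    return [f for f in map(parse_flow, lines) if matches_indicator(f) and is_established(f)]


def detect_beacons(flows, expected_interval=3600, tolerance=0.1, min_count=4):
    """Flag (src, dst) pairs whose connection gaps cluster near expected_interval.

    The median gap must be within `tolerance` of the expected interval and the
    relative spread of the gaps must be small; fewer than `min_count` samples
    are ignored so two coincidental hits are not called a heartbeat.
    """
    by_pair = defaultdict(list)
    for f in flows:
        by_pair[(f["src"], f["dst"])].append(f["ts"])

    beacons = {}
    for pair, times in by_pair.items():
        if len(times) < min_count:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        med = median(gaps)
        jitter = pstdev(gaps) / med if med else float("inf")
        if abs(med - expected_interval) <= tolerance * expected_interval and jitter <= tolerance:
            beacons[pair] = {"median_gap_s": med, "count": len(times)}
    return beacons


if __name__ == "__main__":
    contacts = find_c2_contacts(SAMPLE_FLOWS)
    print(f"{len(contacts)} established connections to known C2")
    for pair, info in detect_beacons(contacts).items():
        print(f"hourly heartbeat: {pair[0]} -> {pair[1]} ({info['count']} hits)")
```

On the constructed data the script reports seven established C2 contacts (the SYN-only flow and the benign flow are excluded) and one hourly heartbeat, from 10.0.0.5. In practice the indicator set would come from the vendor’s published IOCs and the expected interval would be swept over a few candidate values rather than fixed at an hour.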
The initial attack vector, as in the majority of such cases, is phishing. Once that phase succeeds, the malware is downloaded onto the victim’s systems from the attackers’ command infrastructure, which includes code hosted on GitHub and Pastebin.