A massive cyber attack on Australia uses exploits for cryptojacking

June 29, 2020

The Australian Cyber Security Centre (ACSC) said a group of “government actors” hacked Australian networks on June 19, and one of the vulnerabilities they exploited is associated with cryptojacking malware attacks.

According to the 48-page report dated June 24, the threat actors exploited four critical vulnerabilities in Telerik UI, including CVE-2019-18935, which was recently exploited by the Blue Mockingbird malware gang to infect thousands of systems with XMRig, Monero (XMR) mining software.

The vulnerability is primarily used for cryptojacking purposes

Although the release did not specify whether the hackers might have installed cryptojacking malware during the recent massive cyberattack, this vulnerability is favored by cybercriminals for installing crypto-mining applications on corporate networks.

The report addresses the vulnerability CVE-2019-18935, and its account has similarities to what Cointelegraph reported about the Blue Mockingbird attack, although this doesn’t mean that this gang participated in the cyber attack against Australia:

“Other exploits were most often identified by the ACSC when the actor’s attempt at a reverse shell was unsuccessful, including: an exploit that attempts to execute a reverse PowerShell shell; an exploit that attempts to execute certutil.exe to download another payload; a payload that ran binary malware (identified as HTTPCore in this release) that was previously loaded by the actor but had no persistence mechanism; a payload that listed the absolute path of the web root and wrote this path to a file in the root directory of the web.”

Were there Chinese government-backed hacker groups behind the attack?

Almost 10 groups of Chinese hackers involved in espionage activities and allegedly linked to the Chinese government have PlugX in their arsenal, one of the malware families identified in the Australian government report.

Some Australian officials have suggested that China could be behind the massive cyber attack, as diplomatic problems between the two countries have increased. The attack is said to have taken place after Australia requested an investigation into the origin of the United States COVID-19 virus, something that was not well received by dragon nation officials, who considered it a “discriminatory” allegation and responded with commercial retaliation against the oceanic country.

The Chinese government has denied these claims.