Massive Cyberattack on Australia Uses Cryptojacking Exploits

Published at: June 28, 2020

The Australian Cyber Security Centre said a group of “state actors” hacked Australian networks on June 19 and one of the vulnerabilities they exploited is related to cryptojacking malware attacks. 

According to the 48-page report released on June 24, the threat actors exploited four critical vulnerabilities in Telerik UI, including CVE-2019-18935, which was recently leveraged by the Blue Mockingbird malware gang to infect thousands of systems with XMRRig, a Monero (XMR) mining software.

Vulnerability mostly used for cryptojacking purposes

Although the advisory didn’t say if hackers could have installed cryptojacking malware during the recent massive cyberattack, such vulnerability is the preferred one for the cybercriminals for installing crypto-mining applications within corporate networks. 

The report elaborates on the CVE-2019-18935 vulnerability, which also has similarities with the ones that Cointelegraph reported on the Blue Mockingbird’s attack, although it doesn’t imply that such gang participated in the cyberattack against Australia:

“Other exploit payloads were identified by the ACSC most commonly when the actor’s attempt at a reverse shell was unsuccessful. These included: a payload that attempted to execute a PowerShell reverse shell; a payload that attempted to execute certutil.exe to download another payload; a payload that executed binary malware (identified in this advisory as HTTPCore) previously uploaded by the actor but which had no persistence mechanism; a payload that enumerated the absolute path of the web root and wrote that path to a file within the web root.”

Were state-backed Chinese hacker groups behind the attack?

Almost 10 Chinese hacker groups - engaged with espionage activities and allegedly have connections with China’s government - have the PlugX malware among their weapons, which was one of the malware identified in the Australian government’s report.

Some Australian officials have suggested that China could be behind the massive cyberattack, as the diplomatic issues have been on the rise between the two countries. It was said the attack could have come after Australia sought for an investigation on the origin of the COVID-19 virus, something that was not well-received the dragon nation officials, as they considered it a “discriminatory” accusation and responded with trade retaliation against the Oceanic country.

The Chinese government has denied the claims.

Tags
Technology
China
Australia
Hacks
Cybersecurity
Crimes
Malware
Related Posts
Major Chilean bank shuts down all branches following ransomware attack
Banco Estado, the only public bank in Chile and one of the three largest in the country, had to shut down its nationwide operations on Monday due to a cyberattack that turned out to be a ransomware launched by REvil. According to a public statement, the branches will remain closed for at least one day, but clarified that customers’ funds have not been affected by the incident. Citing sources close to the investigation, ZDNet reported that the REvil ransomware gang is behind the attack. It reportedly originated from an Office document infected with the malware that an employee received and …
Technology / Sept. 8, 2020
California University Pays Million-Dollar Crypto Ransom
The University of California at San Francisco School of Medicine reportedly paid a $1.14 million ransom in cryptocurrencies to the hackers behind a ransomware attack on June 1. According to CBS San Francisco, the UCSF IT staff first detected the security incident, stating that the attack launched by NetWalker group affected “a limited number of servers in the School of Medicine.” Although the areas were isolated by experts from the internal network, the hackers left the servers inaccessible and managed to deploy the ransomware successfully. A statement published by the University of California said: “The data that was encrypted is …
Technology / June 30, 2020
LG and Mitsubishi Hit by Ransomware Attacks, Data Leak ‘Coming Soon’
Two ransomware gangs reportedly attacked the electronics giant, LG, and Japanese multinational car manufacturer, Mitsubishi. The hackers are now threatening both companies with data leaks. Screenshots posted to the gang’s blog show several files, as well as source code from the attack. No official statement from LG yet As of press time, the electronics giant has not addressed the incident officially. A statement from the ransomware gang alleges that the hackers managed to steal over 40GB of source code from the manufacturer. However, Brett Callow, threat analyst and ransomware expert at malware lab Emsisoft, stated that the alleged proofs don’t …
Technology / June 26, 2020
Report: Ransom Costs for Stolen Data Rose 200% From 2018 to 2019
On average, the ransom demanded by cryptocurrency ransomware hackers increased by 200% from 2018 to 2019. According to a report published on June 5 by cybersecurity firm Crypsis Group, the average ransom demanded by cryptocurrency ransomware groups in 2019 reached $115,123. The median ransom, on the other hand, increased by 300% from 2018’s first quarter to the last quarter to 2019, reaching over $21,700. According to Crypsis Group, ransoms have grown as hackers increasingly target enterprises and select victims who are able to pay higher sums. Just yesterday, Cointelegraph reported that ST Engineering Aerospace’s United States subsidiary fell victim to …
Technology / June 8, 2020
Spanish Railway Infrastructure Threatened by Ransomware
Ransomware gang REvil stole over 800 GB of data from ADIF, the Spanish state-owned railway infrastructure manager, after a successful attack deployed on their systems. According to El Español, the authorship of the cyberattack belongs to the well-known ransomware group after they published a post on the official darknet website of REvil on July 22, who boasted of adding another victim. The cybercriminals claimed to have caught over 800 GB in data from the servers of ADIF, although it’s not confirmed how they managed to breach the security of the railway infrastructure manager based in Madrid. REvil didn’t disclose major …
Technology / July 25, 2020