The Australian Cyber Security Centre has published a report highlighting vulnerabilities that are being exploited by hackers using cryptojacking malware.
According to the Australian Cyber Security Centre (ACSC), Australian networks are being exploited by cryptojacking malware attacks. The report, released on June 24, outlined that the cyber attackers are leveraging vulnerabilities like CVE-2019-18935 to infect thousands of systems with Monero (XMR) crypto mining software called XMRig.
Per the report, “The actor has shown the capability to quickly leverage public exploit proof of concepts (POCs) to target networks of interest and regularly conducts reconnaissance of target networks looking for vulnerable services, potentially maintaining a list of public-facing services to quickly target following future vulnerability releases. The actor has also shown an aptitude for identifying development, test, and orphaned services that are not well known or maintained by victim organizations.”
The ACSC highlighted that when the attackers are unable to exploit public-facing infrastructure, they turn to various phishing techniques. These include links to credential harvesting websites; emails with links to malicious files, or with the malicious file directly attached; links prompting users to grant Office 365 OAuth tokens to the actor; and the use of email tracking services to identify the email opening and lure click-through events.
Are State-Backed Chinese Hackers Involved?
As reported on June 19, Australian Federal Government agencies believe that China is the nation behind ongoing cyber-attacks on Australian institutions.
Indeed, there have been reports throughout the year of state-backed Chinese hacker groups being involved in a spate of cyberattacks worldwide.
The attacks on Australian networks appear to have kicked off shortly after Australian officials publicly called for an independent investigation into the origins of the COVID-19 virus, and by extension into China’s handling of the outbreak. China has already responded with heavy trade retaliation, but the sophistication of the recent cyberattacks makes Australian officials believe they are a secondary retaliation by the authoritarian regime.
Australian Prime Minister Scott Morrison said, “We know it is a sophisticated state-based cyber actor because of the scale and nature of the targeting and the tradecraft used.”
Mr. Morrison said that, so far, it did not appear there had been any “large-scale” breaches of people’s personal information, but described the attacks as “malicious”. Morrison stopped short of outright accusing China, but the nature of the report left little to the audience’s imagination as to the Australian Government’s primary suspect. When asked, he responded, “What I can confirm is there are not a large number of state-based actors that can engage in this type of activity.”
According to the Council on Foreign Relations, China, Russia, and Iran are the top three states suspected of sponsoring cyber operations.
The Chinese government has adamantly denied all claims of cyberattacks worldwide.