A series of cryptojacking attacks took place on June 19th. What was the main target of the hackers and did they act on someone’s behalf?
Gaps in the interface
The break-in happened on June 19th. A group of hackers got into the Australian network by taking advantage of its weaknesses. One of these weaknesses allowed cryptojacking malware to be installed. The hackers exploited 4 vulnerabilities in the Telerik interface. One of them had already been used by the Blue gang to infect thousands of computers to mine Monero. Cryptojacking attacks, which force unaware people's computers to mine XMR, are relatively common, as in the case of the recent supercomputer attacks. This is because Monero is one of the most anonymous cryptocurrencies, and it is impossible to determine whether it comes from a legal source.
What was the purpose?
The vulnerability used by the hackers is mainly exploited for cryptocurrency purposes. However, it is not known what the hackers used it for. In recent hacking attacks, cybercriminals have most often installed cryptojacking software on corporate networks.
Blue Mockingbird Gang attacks
The Blue gang is a group of hackers operating on a global scale. Among other things, they installed malware for Monero mining by taking advantage of a gap in servers running ASP.NET applications. This gap allows hackers to gain administrator-level access and modify server settings. They then install the malware. The attacks carried out by this gang ran from December 2019 and affected many large companies, but exact details about them are not public. A vulnerability in the Remote Desktop Protocol in Windows was used for this purpose.
Attacks in Australia using the same vulnerability
The attacks that took place in Australia exploited, among other things, the same gap as the Blue Gang. However, the hackers' motivations remain a mystery. Some Australian officials suggest that the dragon nation may have been responsible for the attacks.
The conflict between Australia and China
Australia has requested an international investigation that would clearly confirm the origin of the COVID-19 virus.
The Australian Prime Minister added that it most likely originated from the Wuhan market. The Chinese authorities have not agreed to initiate an investigation into the case, and the countries involved are threatened with sanctions. In addition, Chinese officials responded with commercial retaliation in response to a discriminatory allegation. Since then, diplomatic problems between the two countries have increased. Were the attacks linked to this situation?
The Chinese government denied these allegations.