Recent cyber attack spree in Australia traced back to Chinese hacking groups
A report by the Australian Cyber Security Centre (ACSC) has released details on a crypto-jacking spree by gangs purportedly from China exploiting vulnerabilities in multiple Australian networks.
The report was released last week with the title “Copy-Paste Compromises – tactics, techniques and procedures used to target multiple Australian networks” stated that threat actors exploited four critical vulnerabilities in public-facing infrastructure, in a form of a cyber attack.
The primary exploits were through the use of remote code execution vulnerability in unpatched versions of Telerik UI, which is a web, mobile, and desktop software.
Vulnerabilities in Microsoft Internet Information Services (IIS), a 2019 SharePoint vulnerability, and the 2019 Citrix vulnerability, were also exploited.
Cointelegraph made the link with the Blue Mockingbird malware gang which has carried out similar attacks to infect thousands of systems with XMRRig, Monero (XMR) mining software.
The ACSC report elaborated on specific vulnerabilities such as CVE-2019-18935 used in Telerik UI for ASP.NET, and spearphishing attempts. Several Microsoft files and systems were also exploited.
Some Australian officials have hinted at Chinese involvement in the ongoing series of cyber attack as tensions between the two nations escalate.
Western Australia’s government has defended its security protocols after an employee was targeted in a cyber attack reportedly linked to the Chinese military. https://t.co/UOANhPrpnk via @InfoSecHotSpot pic.twitter.com/age5lqTWLk
— Sean Harris (@InfoSecHotSpot) May 8, 2020
Prime Minister Scott Morrison said Australian organizations, including governments and businesses, were currently being targeted by a sophisticated foreign “state-based” hacker, according to ABC News.
The premier did not name China specifically but senior sources confirmed China is believed to be behind the cyber-attacks.
Featured image courtesy of Catarina Sousa/Pexels