
Australia cyberattack exploited vulnerability usually used in cryptojacking malware attacks

The Australian Cyber Security Centre revealed that hackers exploited known vulnerabilities in the Telerik user interface.

Mon, 29 Jun 2020, 08:42 am UTC

The cyberattacks on Australian networks last June 19 were carried out by a group of “state actors,” according to a recent report released by the Australian Cyber Security Centre (ACSC). The ACSC said that the attack exploited one of the vulnerabilities usually used to infect systems with cryptojacking malware, Cointelegraph reported.

The ACSC, which released the 48-page report on June 24, revealed that the hackers exploited four critical vulnerabilities in the Telerik user interface, tracked as CVE-2019-18935, CVE-2017-9248, CVE-2017-11317, and CVE-2017-11357, according to BleepingComputer.

The CVE-2019-18935 vulnerability has been leveraged by hackers in past attacks and was used to infect systems for cryptocurrency mining purposes. For instance, the Blue Mockingbird hacker group used the vulnerability to install the Monero (XMR) crypto mining software XMRig on thousands of systems.

However, the Australian Cyber Security Centre report did not specifically state that the recent attacks on Australian networks were used to install cryptojacking malware. It must also be noted that the report did not name Blue Mockingbird as a participant in the attacks.

The report also stated that the hacker attempted other methods of attack in the June 19 incident. Thankfully, these methods did not achieve their objective.

“Other exploit payloads were identified by the ACSC most commonly when the actor’s attempt at a reverse shell was unsuccessful,” the report said. “These included: a payload that attempted to execute a PowerShell reverse shell; a payload that attempted to execute certutil.exe to download another payload; a payload that executed binary malware (identified in this advisory as HTTPCore) previously uploaded by the actor but which had no persistence mechanism; a payload that enumerated the absolute path of the webroot and wrote that path to a file within the web root.”
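A defender can hunt for the payload types the report lists by checking what the web server's worker process starts. The following is an added example, not code from the ACSC report or this article; it assumes the Telerik-based site runs under the IIS worker process w3wp.exe, and the events, paths and finding names are constructed.

```python
import ntpath
import re

# Assumption: the Telerik-based site is served by the IIS worker process.
WEB_WORKERS = {"w3wp.exe"}
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
# Directories whose binaries a web worker may legitimately start
# (e.g. the .NET compiler during ASP.NET dynamic compilation).
TRUSTED_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\microsoft.net\\")
URL = re.compile(r"https?://", re.I)

def classify(event):
    """Return a finding name for one process-creation event, or None."""
    if ntpath.basename(event["ParentImage"]).lower() not in WEB_WORKERS:
        return None
    image = event["Image"].lower()
    child = ntpath.basename(image)
    if child in SHELLS:
        return "web-worker-spawned-shell"
    if child == "certutil.exe" and URL.search(event["CommandLine"]):
        return "web-worker-certutil-download"
    if not image.startswith(TRUSTED_DIRS):
        return "web-worker-ran-untrusted-binary"
    return None

def scan(events):
    """Return (index, finding) for every event that matches a rule."""
    found = ((i, classify(ev)) for i, ev in enumerate(events))
    return [(i, f) for i, f in found if f]

W3WP = "C:\\Windows\\System32\\inetsrv\\w3wp.exe"
# Constructed sample events; field names follow Sysmon process-creation records.
SAMPLE_EVENTS = [
    {"ParentImage": W3WP, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -NoProfile -Command <constructed>"},
    {"ParentImage": W3WP, "Image": "C:\\Windows\\System32\\certutil.exe",
     "CommandLine": "certutil.exe <constructed-args> http://example.invalid/p.bin p.bin"},
    {"ParentImage": W3WP, "Image": "C:\\inetpub\\temp\\constructed-upload.exe",
     "CommandLine": "constructed-upload.exe"},
    {"ParentImage": W3WP, "Image": "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\csc.exe",
     "CommandLine": "csc.exe /noconfig @constructed.cmdline"},
    {"ParentImage": "C:\\Windows\\explorer.exe", "Image": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "cmd.exe"},
]

if __name__ == "__main__":
    for idx, name in scan(SAMPLE_EVENTS):
        print(idx, name, SAMPLE_EVENTS[idx]["Image"])
```

The compiler event and the shell started from the desktop are left unflagged, which shows the two filters that keep this rule quiet on a normal ASP.NET server.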

Based on its investigations, ACSC also made recommendations on how to mitigate the risk of compromise. One key area is the “prompt patching of internet-facing software, operating systems, and devices.” This also involves using the latest versions available for software and operating systems.

Another method that could reduce the risk of potential breaches is the “use of multi-factor authentication across all remote access services.” These include web and cloud-based email, collaboration platforms, virtual private network connections, and remote desktop services.

“It is imperative that Australian organizations are alert to this threat and take steps to enhance the resilience of their networks,” the ACSC warned. “Cybersecurity is everyone’s responsibility.”

TokenPost

<Copyright © TokenPost. All Rights Reserved. >
