Friday, May 9, 2025

Hackers Hijacked Alibaba Servers to Install Cryptominer Malware


Hackers have recently targeted and compromised Alibaba Elastic Computing Service (ECS) instances. The motive is to install cryptominer malware so that the threat actors can use the available server resources for their own benefit.

A hacker using the name “AgainstTheWest” claimed on the RaidForums forum to have hacked into Alibaba Cloud’s servers and to have stolen a large amount of source code.

After investigating the attack, experts said that the source code had been stolen in the hack and that the hackers later sold it for $5,000, with payment made in Bitcoin or Monero.


ECS security agent removed to install miners

Alibaba ECS servers are being targeted by many threat actors because they do not have different privilege levels configured on an instance.

In addition, the instances offer root access by default, so it becomes easier for threat actors to gain access to login credentials and then access the target server through SSH.

Moreover, this lack of privilege separation allows the threat actors to create firewall rules that filter incoming packets from IP ranges belonging to internal Alibaba servers, which helps them avoid detection by the security agent.
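A defender-side check for the firewall tampering described above, as an added example that is not from the original article: it scans `iptables-save` output for INPUT rules that drop or reject traffic from ranges the security agent depends on. It assumes the host uses iptables; the ranges and the sample ruleset are constructed placeholders (RFC 5737 documentation networks), and `find_agent_blocking_rules` is a hypothetical helper name.

```python
import ipaddress
import shlex

# Placeholder ranges (RFC 5737). Replace with the internal ranges your
# provider documents for its security agent; the article does not list them.
AGENT_RANGES = [ipaddress.ip_network(n)
                for n in ("198.51.100.0/24", "203.0.113.0/24")]

# Constructed sample of `iptables-save` output, not taken from a real host.
SAMPLE_RULES = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 198.51.100.0/25 -j DROP
-A INPUT -s 203.0.113.7/32 -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -s 192.0.2.0/24 -j DROP
-A INPUT -s 203.0.113.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT ! -s 198.51.100.0/24 -p tcp -m tcp --dport 22 -j DROP
COMMIT
"""

BLOCKING_TARGETS = {"DROP", "REJECT"}


def find_agent_blocking_rules(ruleset, agent_ranges=AGENT_RANGES):
    """Return (line_no, rule, matched_range) for each INPUT rule that drops
    or rejects traffic whose source overlaps a monitored range."""
    findings = []
    for line_no, line in enumerate(ruleset.splitlines(), start=1):
        if not line.startswith("-A INPUT "):
            continue
        tokens = shlex.split(line)
        if "-s" not in tokens or "-j" not in tokens:
            continue
        target = tokens[tokens.index("-j") + 1]
        src_idx = tokens.index("-s")
        # "! -s X" matches everything except X, so it does not block X itself.
        negated = tokens[src_idx - 1] == "!"
        if target not in BLOCKING_TARGETS or negated:
            continue
        source = ipaddress.ip_network(tokens[src_idx + 1], strict=False)
        for rng in agent_ranges:
            if source.overlaps(rng):
                findings.append((line_no, line, str(rng)))
                break
    return findings
```

On a live host the input would be the output of `iptables-save`; any finding is worth comparing against the instance's change history, since a legitimate hardening baseline rarely blocks the provider's own monitoring ranges.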

Cryptojacking Aliyun

Alibaba Cloud Security provides a guide on how to stop the ongoing infection and malicious activities, as it is the responsibility of the user to prevent this infection from occurring.

One important point to note is that Alibaba ECS has an auto-scaling feature, which lets users and organizations allow the service to automatically adjust computing resources based on the volume of user requests.

Mitigating The Impact

Here are a few of the recommendations offered:

  • Both CSPs and users have a duty to ensure that the security configurations of workloads, projects, and environments are safe.
  • Customize the security characteristics of cloud projects and workloads. 
  • Try to avoid running applications under root privilege and managing passwords for SSH.
  • Always follow the principle of least privilege.

This type of cryptojacking is quite dangerous, which is why the experts affirmed that users need to stay alert and keep a check on their workloads.


Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
