Thursday, December 5, 2024

Hackers Hijacked Alibaba Servers to Install Cryptominer Malware


Threat actors have recently been compromising Alibaba Elastic Computing Service (ECS) instances. The goal is to install cryptominer malware so that the attackers can put the servers' computing resources to work for their own profit.

A user calling themselves “AgainstTheWest” on the RaidForums forum has also claimed to have hacked into Alibaba Cloud’s servers and stolen a large amount of source code.

According to the experts who investigated the claim, the stolen source code was later sold for $5,000, with payment made in Bitcoin or Monero.


ECS security agent removed to install miners

Alibaba ECS servers are being hacked, and are an attractive target for many threat actors, because the instances lack distinct privilege levels configured on the instance itself.

Instances provide root access by default, so a threat actor who obtains valid login credentials can log in to the target server over SSH and immediately operate with full privileges.

This lack of privilege separation also lets the threat actors create firewall rules that filter incoming packets from IP ranges belonging to internal Alibaba servers, which keeps the security agent from detecting their activity.
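A defender can look for the firewall tampering described above by auditing the host's iptables rules for DROP or REJECT rules whose source range overlaps the provider's internal networks. The script below is an added example and is not code from the article or from Alibaba Cloud; the two "provider-internal" ranges it checks against are placeholders, not verified Alibaba ranges, and the rule lines it parses are a constructed sample in the format that `iptables -S` prints.

```python
"""Flag DROP/REJECT rules that cut a host off from provider-internal ranges.

Added example (not from the article). The ranges below are PLACEHOLDERS
standing in for the cloud provider's agent/management networks; the real
values must be taken from the provider's own documentation.
"""
import ipaddress
import re
from typing import Iterable, List, Tuple

PROVIDER_INTERNAL_RANGES = [
    ipaddress.ip_network("100.100.0.0/16"),  # placeholder, NOT a verified Alibaba range
    ipaddress.ip_network("10.200.0.0/16"),   # placeholder, NOT a verified Alibaba range
]

# `iptables -S` prints rules as "-A <chain> <matches> -j <target>".
_RULE_RE = re.compile(r"^-A\s+(?P<chain>\S+)(?P<body>.*)$")
# Source match, with optional negation ("! -s x.x.x.x/nn").
_SRC_RE = re.compile(r"(?:^|\s)(?P<neg>!\s+)?-s\s+(?P<src>\S+)")
_TARGET_RE = re.compile(r"\s-j\s+(?P<target>\S+)")

# Constructed sample of `iptables -S` output on a tampered host.
SAMPLE_IPTABLES_S = [
    "-P INPUT ACCEPT",
    "-P FORWARD ACCEPT",
    "-P OUTPUT ACCEPT",
    "-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT",
    "-A INPUT -s 203.0.113.0/24 -j DROP",                    # unrelated external block
    "-A INPUT -s 100.100.0.0/16 -j DROP",                    # blocks the whole agent range
    "-A INPUT -s 10.200.5.0/24 -p tcp -m tcp --dport 443 "
    "-j REJECT --reject-with icmp-port-unreachable",         # blocks a subnet of it
    "-A INPUT ! -s 10.200.0.0/16 -j DROP",                   # negated: allows internal only
]


def blocked_sources(rules: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Return (chain, source_network, target) for each DROP/REJECT rule whose
    (non-negated) source network overlaps a provider-internal range."""
    findings = []
    for line in rules:
        rule = _RULE_RE.match(line.strip())
        if not rule:
            continue  # policy lines (-P) and anything else we do not parse
        body = rule.group("body")
        target = _TARGET_RE.search(body)
        if not target or target.group("target") not in ("DROP", "REJECT"):
            continue
        src = _SRC_RE.search(body)
        if not src or src.group("neg"):
            continue  # no source match, or "! -s": it does not block that range
        try:
            net = ipaddress.ip_network(src.group("src"), strict=False)
        except ValueError:
            continue  # hostname or malformed address; leave for manual review
        if any(net.overlaps(r) for r in PROVIDER_INTERNAL_RANGES):
            findings.append((rule.group("chain"), str(net), target.group("target")))
    return findings


if __name__ == "__main__":
    for chain, net, target in blocked_sources(SAMPLE_IPTABLES_S):
        print(f"suspicious: chain={chain} blocks {net} with {target}")
```

On a live host the list passed to `blocked_sources` would come from the output of `iptables -S` (and `ip6tables -S` or `nft list ruleset` on hosts that use them); the script only reports overlaps, so a finding still needs to be compared against the rules the organisation intentionally deployed.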

Cryptojacking Aliyun

Alibaba Cloud Security publishes a guide on how to stop an ongoing infection and its malicious activity, since preventing the infection in the first place is the user's responsibility.

One important point to note is that Alibaba ECS offers an auto-scaling feature that lets users and organizations have the service automatically adjust computing resources to the volume of user requests; a cryptominer that saturates an instance can therefore trigger the provisioning of additional resources, at the victim's expense.

Mitigating The Impact

Here are a few of the recommendations offered:

  • Both cloud service providers (CSPs) and users share the duty of ensuring that the security configurations of workloads, projects, and environments stay safe.
  • Customize the security settings of cloud projects and workloads.
  • Avoid running applications with root privileges, and manage SSH passwords carefully.
  • Always follow the principle of least privilege.
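The root-access and SSH-password recommendations above can be checked on each instance by auditing its sshd_config. The script below is an added example, not code from the article or from Alibaba Cloud; the acceptable values are this script's own policy choices, the compiled-in defaults are OpenSSH's, and the three configuration texts are constructed samples. It also handles one edge case that audits often get wrong: sshd applies the first value it reads for a keyword, so a hardening line appended after a weak one does nothing.

```python
"""Audit an sshd_config for root login and password authentication.

Added example (not from the article). ACCEPTABLE is this script's own policy;
DEFAULTS are OpenSSH's compiled-in defaults, used when a keyword is absent.
"""
import re
from typing import Dict, List, Tuple

# Keywords are case-insensitive in sshd_config, so everything is lower-cased.
ACCEPTABLE = {
    "permitrootlogin": {"no", "prohibit-password"},  # no root password logins
    "passwordauthentication": {"no"},                # keys only
    "permitemptypasswords": {"no"},
    "pubkeyauthentication": {"yes"},
}
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "permitemptypasswords": "no",
    "pubkeyauthentication": "yes",
}

# Constructed sample: a cloud image that still allows root password logins.
WEAK_CONFIG = """\
# sshd_config (constructed sample)
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords no
"""

# Constructed sample: hardened, with a conditional exception in a Match block.
HARDENED_CONFIG = """\
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
PermitEmptyPasswords no
Match User deploy
    PasswordAuthentication yes
"""

# Constructed sample: a provisioning script appended a weaker line at the end.
# sshd keeps the FIRST value, so the appended line is ignored.
APPENDED_CONFIG = """\
PermitRootLogin no
PasswordAuthentication no
PasswordAuthentication yes
"""


def effective_settings(config_text: str) -> Dict[str, str]:
    """Return the global settings sshd would apply from this text.

    First occurrence of a keyword wins; parsing stops at the first Match
    block because directives inside it apply only to matching connections.
    """
    settings: Dict[str, str] = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # "Key value" or "Key=value"
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().lower()
        if key == "match":
            break
        settings.setdefault(key, value)
    return settings


def audit_sshd(config_text: str) -> List[Tuple[str, str]]:
    """Return (keyword, effective value) pairs that violate ACCEPTABLE."""
    eff = effective_settings(config_text)
    return [(key, eff.get(key, DEFAULTS[key]))
            for key, allowed in ACCEPTABLE.items()
            if eff.get(key, DEFAULTS[key]) not in allowed]


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG),
                       ("appended", APPENDED_CONFIG)):
        print(name, audit_sshd(text) or "OK")
```

To audit a real instance, read `/etc/ssh/sshd_config` into `audit_sshd`; files pulled in through `Include` directives are not followed by this script, and the authoritative view of what sshd actually applies is `sshd -T`, which prints the effective configuration in the same keyword/value form this parser accepts.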

This type of cryptojacking is dangerous, which is why the experts stress that users must stay alert and keep a close watch on their workloads.


Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
