Attackers Take New Approach to Installing Cryptominers

Security technology on cloud servers is supposed to help block and prevent the installation of malware, but what happens when attackers figure out how to uninstall security technology as part of a hacking campaign? According to a report released on Jan. 17 by Palo Alto Networks' Unit 42 security research division, that's exactly what the Rocke hacker group is doing in China. Palo Alto reported that Rocke is actively exploiting servers and gaining administrative access. With the full admin access, the hackers are then uninstalling security software and, in its place, installing unauthorized cryptocurrency mining software. Palo Alto reported that Rocke has been able to uninstall five different cloud security protection and monitoring products from cloud servers running Linux. The impacted cloud security products include Cloud Workload Protection Platform (CWPP) offerings from Tencent Cloud and Alibaba Cloud.