Chinese Cybercrime Group Launches Destructive Malware Family

Uploaded on 2018-09-24 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

A prolific cybercrime group known as Iron Group is actively developing a new family of destructive malware that pretends to ask for ransom, but in fact steals and deletes victims’ data as it self-propagates itself on a quest for the next target. Also known as Rocke, the criminals are a Chinese-speaking hacking group that has grown in notoriety this year for its use of crypto-jacking malware that leverages a backdoor from HackingTeam’s leaked code.

Researchers from numerous cybersecurity firms have pointed to Iron as a threat that has to be followed because they’re continuously updating and adding new featuring to malware that’s regularly exploring new attack vectors. Palo Alto Networks researchers have announced a new finding: Iron developed a new malware family, Xbash, that self-propagates and appears to destroy a victim’s data.

Ransomware and crypto-jacking, Iron’s previous methods of attack, are much more obvious ways to regular profits. It’s not clear why the group would pivot to destructive malware.

“We agree that it seems odd,” said Jen Miller-Osborn, Deputy Director of Threat Intelligence (Unit 42) at Palo Alto Networks. “Though there is no way for the victims to know the attackers did not create copies of their files to return (as it claims to). 

“It’s only once they’ve paid, and the attackers don’t restore the files, that the victims know their files are truly gone. The attackers may be happy enough to make whatever profits they can without the added step of having to store, track, and return the data.”

The malware logs into a victim’s databases, deletes almost everything, creates a new database named “PLEASE_READ_ME_XYZ” and offers a ransom message demanding 0.02 BTC to recover the deleted data.  But, there is no evidence attackers are actually returning any data and, researchers said, no evidence that the malware is even capable of backing up the deleted data at all.

Researchers describe Xbash as “a combination of botnet and ransomware” aimed at “discovering unprotected services, deleting victim’s MySQL, PostgreSQL and MongoDB databases, and ransom for Bitcoins. Xbash uses three known vulnerabilities in Hadoop, Redis and ActiveMQ for self-propagation or infecting Windows systems.”

Some functionality, including the ability to scan for vulnerable servers within an enterprise Intranet, have not yet been enabled.
Just 48 incoming transactions worth 0.964 bitcoins have been observed so far, a take worth about $6,000 USD right now.

CyberScoop

You Might Also Read: 

Cybercrime Costs Over $600 Billion Annually:

 

 

« British Government Is Planning Internet Regulation
White House To Step Up Cyber Counter-Offensive »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

AusCERT

AusCERT

AusCERT is the premier Computer Emergency Response Team (CERT) in Australia and a leading CERT in the Asia/Pacific region

Global Digital Forensics (GDF)

Global Digital Forensics (GDF)

GDF specialise in Digital Forensics and e-Discovery. Other services include Data Breach Response and Cyber Security.

Tinfoil Security

Tinfoil Security

Tinfoil is a simple, developer friendly service that lets you scan your website for vulnerabilities and fix them quickly and easily.

Silicom Denmark

Silicom Denmark

Silicom Denmark is a premier developer and supplier of FPGA-based interface cards for cyber-security, telecommss, financial trading and other sectors.

Ntirety

Ntirety

Ntirety Managed Security Services offer enterprise businesses the advanced tools, processes, and support to ensure your infrastructure, networks, and mission-critical applications are secure.

Ordr

Ordr

Ordr Systems Control Engine. The first actionable AI-based systems control engine for the hyper-connected enterprise. You’re in control.

Earlybird Venture Capital

Earlybird Venture Capital

Earlybird is a venture capital investor focused on European technology innovators.

Alcon Maddox

Alcon Maddox

Alcon Maddox is a niche recruitment and executive search firm specialised in sourcing exceptional Cyber Security sales and commercial leadership talent. Serving clients across the Middle East & Europe

GuardDog.ai

GuardDog.ai

guardDog.ai has developed a cloud-based software service with a companion device that work together to simplify network security.

Firmus

Firmus

As the leading penetration testing services provider in Malaysia, Firmus evaluates the ability of your internal or external information assets to withstand attacks.

Goldilock

Goldilock

Goldilock is redefining how sensitive data, devices, networks and critical infrastructure can be secured.

Sekur Private Data

Sekur Private Data

Sekur Private Data Ltd. is a Cybersecurity and Internet privacy provider of Swiss hosted solutions for secure communications and secure data management.

Whitaker Brothers

Whitaker Brothers

Whitaker Brothers data destruction equipment can be found in 115 countries and every single continent in the world, from major military organizations to small offices.

Benchmark IT Services (BITS)

Benchmark IT Services (BITS)

BITS is a leading cyber security company in Australia. Our certified professionals work with you to keep your data assets safe and secure.

Cytex

Cytex

Cytex is the All-in-One solution for SMB data protection & compliance needs.

Garantir

Garantir

Garantir is a cybersecurity company that provides advanced cryptographic solutions to the enterprise.