Pro-Ocean-Cloud Malware
The China-based cybercrime group Rocke is the best-known threat actor engaged in cryptomining operations targeting the cloud. The activities of Rocke, aka the Iron Group, SystemTen, Kerberods/Khugepageds, and even ex-Rocke, were originally reported in August 2018. Rocke was initially associated with ransomware campaigns using its Linux-focused Xbash tool, a data-destruction malware similar in functionality to NotPetya. NotPetya used the EternalBlue exploit to propagate across a network. Xbash performed lateral movement by leveraging an organization’s unpatched vulnerabilities and use of weak passwords, which potentially limited its overall effectiveness.

Pro-Ocean is a revised version of cloud-targeted cryptojacking malware with improved rootkit and worm capabilities. Pro-Ocean uses known vulnerabilities to target cloud applications. It contains four modules that deploy during execution: hiding, mining, infecting, and watchdog. Each module co...