More than 28% of cloud environments may be compromised


More than 28% of cloud environments may be compromised by Rocke, the China-based cybercrime group, according to research from Unit 42, the global threat intelligence team at Palo Alto Networks.

Unit 42 has released high-level results from its investigation of Rocke after spending six months researching the cybercrime group.

Unit 42 concluded that Rocke, which is the best-known threat actor engaged in cryptomining operations targeting the cloud, is able to conduct operations with little interference and limited detection risk.

By analyzing NetFlow data from December 2018 to June 16, 2019, Unit 42 found that 28.1% of the cloud environments it surveyed had at least one fully established network connection with at least one known Rocke command-and-control (C2) domain. Several of those organizations maintained near-daily connections. Meanwhile, 20% of the organizations maintained hourly heartbeats consistent with Rocke tactics, techniques, and procedures (TTPs).

Rocke has also released a new tool called Godlua, which could function as an agent, allowing the group’s actors to perform additional scripted operations, including denial of service (DoS) attacks, network proxying, and two shell capabilities. Unit 42 also discovered network traffic identification patterns within NetFlow traffic that provide unique insight into Rocke TTPs and how defenders can develop detection capabilities.
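A sketch of the kind of NetFlow check these findings point to, added here as an example and not Unit 42's method or code: it flags internal hosts whose established flows to a watchlisted destination recur at a near-hourly interval. The watchlist address (a documentation-range placeholder, not a real indicator), the flow tuple layout, and the tolerance thresholds are assumptions, and the sample flows are constructed.

```python
from collections import defaultdict
from statistics import median

SYN, ACK = 0x02, 0x10  # bits in NetFlow's cumulative TCP flags field

# Constructed watchlist: placeholder standing in for IPs resolved from known C2 domains.
WATCHLIST = {"203.0.113.10"}

def make_sample_flows():
    """Constructed records: (epoch_seconds, src_ip, dst_ip, cumulative_tcp_flags)."""
    base, flows = 1_560_000_000, []
    # Host A: established connection roughly every hour, with small jitter.
    for i, jitter in enumerate([0, 12, -8, 5, -3, 9, 0, -11]):
        flows.append((base + i * 3600 + jitter, "10.0.1.5", "203.0.113.10", 0x1B))
    # Host B: established but irregular contact with the same destination.
    for t in [100, 950, 20_000, 20_300, 61_000, 61_500, 90_000]:
        flows.append((base + t, "10.0.2.7", "203.0.113.10", 0x1B))
    # Host C: hourly SYNs that never complete a handshake (no ACK seen).
    for i in range(8):
        flows.append((base + i * 3600, "10.0.3.9", "203.0.113.10", SYN))
    # Host A again: hourly traffic to a destination that is not watchlisted.
    for i in range(8):
        flows.append((base + i * 3600, "10.0.1.5", "198.51.100.20", 0x1B))
    return flows

def find_heartbeats(flows, watchlist, period=3600, tolerance=0.05, min_flows=6):
    """Return (src, dst, flow_count, median_gap) for periodic established flows."""
    by_pair = defaultdict(list)
    for ts, src, dst, flags in flows:
        # Keep only flows to watchlisted hosts where an ACK was observed,
        # as a rough proxy for a fully established connection.
        if dst in watchlist and flags & ACK:
            by_pair[(src, dst)].append(ts)
    hits = []
    for (src, dst), times in by_pair.items():
        if len(times) < min_flows:
            continue  # too few samples to judge periodicity
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        med = median(gaps)
        # Median absolute deviation: robust to one missed or extra flow.
        mad = median(abs(g - med) for g in gaps)
        limit = tolerance * period
        if abs(med - period) <= limit and mad <= limit:
            hits.append((src, dst, len(times), med))
    return sorted(hits)

if __name__ == "__main__":
    for hit in find_heartbeats(make_sample_flows(), WATCHLIST):
        print("hourly heartbeat candidate:", hit)
```

Using the median gap and median absolute deviation rather than the mean keeps a single dropped flow record from hiding an otherwise regular beacon.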

The activities of Rocke, which is also known as the Iron Group, SystemTen, Kerberods/Khugepageds, and even ex-Rocke, were originally reported in August 2018.

Rocke was initially associated with ransomware campaigns through the use of its Linux-focused Xbash tool, a data-destruction malware similar in functionality to NotPetya.

