New Abcbot botnet goes after Chinese cloud providers

[correlate]

Thread author
Security researchers have spotted a new malware botnet that, over the past few months, has specifically targeted the infrastructure of Chinese cloud hosting providers.

Named Abcbot, the botnet has targeted servers hosted by companies like Alibaba Cloud, Baidu, Tencent, and Huawei Cloud, Cado Security said in a report today, echoing previous findings from Trend Micro and Qihoo 360 Netlab.

HarborFront

So must be by the US because Russia and China are good friends, right?

All these years the US has always accused the Chinese and the Russians of targeting its networks. This time round the Chinese have been targeted. So, it has to be by the US because, like I said, the Chinese and the Russians are good friends.

:D

silversurfer


Abcbot Botnet Linked to Operators of Xanthe Cryptomining Malware

New research into the infrastructure behind an emerging DDoS botnet named Abcbot has uncovered links with a cryptocurrency-mining botnet attack that came to light in December 2020.

Attacks involving Abcbot, first disclosed by Qihoo 360's Netlab security team in November 2021, are triggered via a malicious shell script that targets insecure cloud instances operated by cloud service providers such as Huawei, Tencent, Baidu, and Alibaba Cloud to download malware that co-opts the machine to a botnet, but not before terminating processes from competing threat actors and establishing persistence. The shell script in question is itself an iteration of an earlier version originally discovered by Trend Micro in October 2021 hitting vulnerable ECS instances inside Huawei Cloud.

But in an interesting twist, continued analysis of the botnet by mapping all known Indicators of Compromise (IoCs), including IP addresses, URLs, and samples, has revealed Abcbot's code and feature-level similarities to that of a cryptocurrency mining operation dubbed Xanthe that exploited incorrectly configured Docker implementations to propagate the infection.

"The same threat actor is responsible for both Xanthe and Abcbot and is shifting its objective from mining cryptocurrency on compromised hosts to activities more traditionally associated with botnets, such as DDoS attacks," Cado Security's Matt Muir said in a report shared with The Hacker News.
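The article above traces Abcbot back to Xanthe, which spread through "incorrectly configured Docker implementations" without saying which misconfiguration. The script below is an added example, not code from the thread or from any of the vendor reports it cites; it assumes the misconfiguration in question is the Docker engine API bound to a TCP socket without TLS client verification, and it audits a daemon.json dictionary (and optionally a dockerd command line) for that exposure. The weak and hardened sample configurations are constructed for the example.

```python
"""Audit a Docker daemon configuration for remote API exposure.

Added example, not code from the thread or from any vendor report. It assumes
that the Docker misconfiguration referred to above is the engine API bound to
a TCP socket without TLS client verification; the thread itself only says
"incorrectly configured Docker". All sample configurations are constructed.
"""
import ipaddress
from urllib.parse import urlsplit

# Constructed sample configurations (daemon.json contents as dicts).
WEAK_CONFIG = {"hosts": ["tcp://0.0.0.0:2375"]}  # plaintext API on every interface
HARDENED_CONFIG = {
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tlsverify": True,  # require client certificates signed by tlscacert
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
}


def hosts_from_cmdline(argv):
    """Collect -H / --host values from a dockerd command line (e.g. a unit's ExecStart)."""
    hosts = []
    args = iter(argv)
    for arg in args:
        if arg in ("-H", "--host"):
            hosts.append(next(args, ""))
        elif arg.startswith(("-H=", "--host=")):
            hosts.append(arg.split("=", 1)[1])
    return hosts


def is_network_bind(host):
    """True when a host entry exposes the API on a non-loopback TCP socket."""
    # dockerd treats a bare host:port as tcp; normalise so urlsplit can parse it.
    parts = urlsplit(host if "://" in host else "tcp://" + host)
    if parts.scheme != "tcp":
        return False  # unix:// and fd:// sockets stay local to the host
    # An empty host is treated as exposed here; that is a conservative choice,
    # since the default bind address for tcp:// has varied across dockerd versions.
    name = parts.hostname or "0.0.0.0"
    try:
        return not ipaddress.ip_address(name).is_loopback
    except ValueError:
        return name != "localhost"


def audit_docker_config(daemon_json, argv=()):
    """Return a list of findings; an empty list means no remote exposure was detected."""
    argv = list(argv)
    hosts = list(daemon_json.get("hosts", [])) + hosts_from_cmdline(argv)
    tls = bool(daemon_json.get("tls")) or "--tls" in argv
    tlsverify = bool(daemon_json.get("tlsverify")) or "--tlsverify" in argv
    has_ca = bool(daemon_json.get("tlscacert")) or "--tlscacert" in " ".join(argv)
    findings = []
    for host in hosts:
        if not is_network_bind(host):
            continue
        if tlsverify:
            if not has_ca:
                findings.append(f"{host}: tlsverify set but no tlscacert configured")
        elif tls:
            # Encryption alone does not authenticate callers: anyone who can reach
            # the port can still drive the API.
            findings.append(f"{host}: TLS enabled but clients are not authenticated (tlsverify off)")
        else:
            findings.append(f"{host}: unencrypted, unauthenticated Docker API reachable over the network")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit_docker_config(cfg) or ["ok"])
```

Run it against the contents of `/etc/docker/daemon.json` (loaded with `json.load`) and the `ExecStart` line of the dockerd unit; a finding on a host that is reachable from outside the instance is the condition the report describes, and the hardened sample shows the shape of the fix (loopback or Unix socket for local use, `tlsverify` with a CA for anything remote).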
