Categories: Uncategorized

Hackers Hijacked Alibaba Servers to Install Cryptominer Malware

Hackers have recently targeted and hacked the Alibaba Elastic Computing Service (ECS) instances. All this is being done with the motive to install crypto-miner malware so that the threat actors can secure the available server resources for their own personal benefit.

The hacker “AgainstTheWest” on the RaidForums forum had proclaimed that they have hacked into Alibaba Cloud’s servers, and they have also stolen a large amount of source code. 

After investigating the attack, the experts opined that the stolen source code was hacked, and later the hackers have sold it at a price of $5,000, and the payment was done in Bitcoin or Monero.

ECS security agent removed to install miners

Alibaba ECS servers are being hacked and are also targeted by many threat actors because they lack different privilege levels configured on an occurrence.

However, the instances that are available in the servers offer root access by default, and thus it becomes easier for the threat actors to gain access to login credentials so that they can access the target server through SSH.

Moreover, these lacks also allow the threat actors to create firewall rules that generally filter the incoming packets from IP ranges that belong to internal Alibaba servers, and doing this helps the threat actors to stop the detection by the security agent.

Cryptojacking Aliyun

Alibaba Cloud Security provides a guide on how to stop the ongoing infection and malicious activities, as it is the responsibility of the user to prevent this infection from occurring.

One of the important points to note is that Alibaba ECS has an auto-scaling feature, and in this feature users and organizations can allow the service to automatically regulate the computing resources that are based on the volume of user requests.

Mitigating the impact

Here are few recommendations offered:-

  • Both CSPs and users have a duty to assure that all the security configurations of workloads, projects, and environments should stay safe.
  • Customize the security characteristics of cloud projects and workloads.
  • Try to avoid running applications under root privilege and managing passwords for SSH.
  • Always follow the principle of least privilege.

This type of crypto hijacking is quite dangerous, and that’s why the experts affirmed that it is quite necessary for the users to stay altered and keep a check on their workloads.


Gurubaran is a Security Consultant, Security Editor & Co-Founder of Cyber Security News & GBHackers On Security.

Published by

Recent Posts

Google Revealed RETVec to Defend Malicious Emails & Spam for Gmail Users

The text-to-dense representation techniques vary, evolving from character bi-grams to advanced subword vectorizers, combating OOV…

2 days ago

New Android Malware FjordPhantom Spreads Covertly Via Email, SMS, & Messaging Apps

In the ever-evolving realm of cybersecurity, Promon, a trailblazer in mobile security solutions, has brought…

3 days ago

New SugarGh0st RAT Delivered via Malicious Windows Shortcut & JavaScript

Hackers use Remote Access Trojans (RATs) to gain unauthorized access and control over a victim's…

3 days ago

Black Basta Ransomware Received Over $100 Million From Victims

Black Basta, the fourth-most active ransomware strain with more than 329 victims, has reportedly made…

3 days ago

Notepad++ Input Validation Flaws Leads to uncontrolled Search Path Vulnerability

Notepad++ has been discovered with an uncontrolled search path vulnerability, which could allow threat actors…

3 days ago

WhatsApp Secret Code Feature Lets Users Set Unique Locked Chat Passwords

WhatsApp has announced the rollout of a new feature to safeguard sensitive conversations. The Secret…

3 days ago