This turf war has been secretly going on since late last year, ever since the rise of a new hacker group named Pacha, which was pretty successful at challenging Rocke --the top hacker group specialized in Monero crypto-mining operations. Both groups operate mass-scanning operations that look for open or unpatched cloud services and servers to infect them with a multi-functional Linux-based malware strain. The most aggressive of the two is, by far, the smaller Pacha group, which adopted a strategy of removing a long list of known crypto-mining malware strains on each server it infected. This trick of removing competitors from infected servers is also present in the Rocke group's malware, according to Nacho Sanmillan, Intezer Labs security researcher. However, the Pacha Group is catching up quickly, having recently added support for an Atlassian Confluence server vulnerability that is one of today's most exploited security flaws [1, 2, 3].