Alibaba Cloud servers hacked to mine Monero cryptocurrency


Cybercriminals have begun targeting servers running on Alibaba Cloud in an attempt to use them to mine for cryptocurrency.

Cryptojacking, in which an attacker takes over an organization's servers to mine for cryptocurrency, is nothing new, but Trend Micro has noticed that cybercriminals are increasingly targeting Alibaba's cloud infrastructure to mine for Monero, as it is untraceable.

According to a new report from the cybersecurity firm, Alibaba Elastic Compute Service (ECS) instances are of particular value to cybercriminals because of their auto-scaling feature, which lets the service automatically adjust computing resources to the volume of user requests. Although Alibaba provides this feature to its customers at no additional cost, the increase in resource usage ultimately leads to additional charges for those customers.

The cryptojacking landscape is shared by multiple threat actors, including Kinsing and TeamTNT, and their code shares common characteristics such as the ability to remove competing actors who are also mining for cryptocurrency on the victim machine and to disable the security features found on it.

Targeting Alibaba ECS instances

Alibaba ECS instances come with a preinstalled security agent, which cybercriminals often try to disable immediately after gaining access to a customer's server.

During its recent investigation, Trend Micro found code in the malware used by the attackers that creates firewall rules to drop incoming packets from IP ranges belonging to internal Alibaba zones and regions. At the same time, the default Alibaba ECS instance provides root access, which makes it much easier for cybercriminals to use these cloud servers for cryptojacking.
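The firewall tampering described above leaves a trace a defender can look for: DROP or REJECT rules in the host firewall whose source or destination falls inside the provider's internal address space. The script below is an added example, not code from the article or from Trend Micro's report. It parses `iptables-save` output and flags such rules. The "internal" ranges and the sample dump are constructed placeholders; a real deployment would substitute the provider's published internal ranges.

```python
"""Audit iptables-save output for DROP/REJECT rules that cut off internal
cloud-provider ranges, the tampering pattern Trend Micro describes.

Added example; the ranges and the sample dump below are constructed.
"""
import ipaddress
import re
import subprocess

# Constructed placeholders standing in for the provider's internal
# zone/region networks. These are NOT Alibaba's real addresses.
INTERNAL_RANGES = [
    ipaddress.ip_network("100.100.0.0/16"),
    ipaddress.ip_network("10.0.0.0/8"),
]

# "-A <chain> <match options> -j <target>" as emitted by iptables-save.
RULE_RE = re.compile(r"^-A\s+(?P<chain>\S+)(?P<body>.*?)\s-j\s+(?P<target>\S+)\s*$")
# Source (-s) or destination (-d) address, optionally negated with "!".
ADDR_RE = re.compile(r"(?P<neg>!\s+)?-(?P<flag>[sd])\s+(?P<addr>\S+)")

# Constructed sample dump: two inbound drops and one outbound drop hit the
# internal ranges; the public-range drop and the negated rule do not.
SAMPLE_DUMP = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 100.100.2.0/24 -j DROP
-A INPUT -s 10.0.0.0/8 -p tcp --dport 22 -j DROP
-A INPUT -s 203.0.113.0/24 -j DROP
-A INPUT ! -s 10.0.0.0/8 -j DROP
-A OUTPUT -d 100.100.0.0/16 -j DROP
COMMIT
"""


def suspicious_drop_rules(dump, internal_ranges=INTERNAL_RANGES):
    """Return (chain, flag, address, rule_line) for every DROP/REJECT rule
    whose non-negated source or destination overlaps an internal range."""
    findings = []
    for raw in dump.splitlines():
        line = raw.strip()
        m = RULE_RE.match(line)
        if not m or m.group("target") not in ("DROP", "REJECT"):
            continue
        for a in ADDR_RE.finditer(m.group("body")):
            if a.group("neg"):
                # "! -s X" blocks everything except X; not the pattern we want.
                continue
            try:
                net = ipaddress.ip_network(a.group("addr"), strict=False)
            except ValueError:
                continue  # hostnames or malformed tokens are out of scope
            if any(net.overlaps(r) for r in internal_ranges):
                findings.append((m.group("chain"), a.group("flag"), str(net), line))
    return findings


def audit_live_firewall():
    """Run iptables-save on this host (requires root) and audit the result."""
    dump = subprocess.run(["iptables-save"], capture_output=True,
                          text=True, check=True).stdout
    return suspicious_drop_rules(dump)


if __name__ == "__main__":
    for chain, flag, net, line in suspicious_drop_rules(SAMPLE_DUMP):
        print(f"[{chain}] -{flag} {net} blocked by: {line}")
```

Run it as root with `audit_live_firewall()` on a suspect instance, or feed it a saved `iptables-save` dump collected during triage. Checking `-d` as well as `-s` matters because an outbound drop toward the provider's internal ranges silences the preinstalled agent just as effectively as an inbound one.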

With the highest possible privilege already available upon compromise, an attacker can deploy advanced payloads such as kernel module rootkits and achieve persistence on a victim's Alibaba ECS instance. This could be one of the reasons cybercriminals have begun to specifically target the Chinese company's cloud computing service over competitors such as AWS or Microsoft Azure.

For organizations using Alibaba Cloud, Trend Micro recommends practicing a shared responsibility model, in which CSPs and users both have a responsibility to ensure the security configurations of workloads, projects and environments; customize the security features of cloud projects and workloads; and follow the principle of least privilege, so that the number of users with the highest access privileges is limited.


Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 
