21.Globe RadiatingCode

A team of Chinese hackers known as Kinsing has discovered a little-known security vulnerability in the Apache ActiveMQ message broker software. The vulnerability allowed the attackers to implant rootkits on Linux servers remotely and steal sensitive information such as usernames, passwords, and SSH keys.

The Kinsing threat group has a history of targeting misconfigured containerized environments for cryptocurrency mining, often utilizing compromised server resources to generate illicit profits for the attackers.

According to security researchers, "Once Kinsing infects a system, it deploys a cryptocurrency mining script that exploits the host's resources to mine cryptocurrencies like Bitcoin, resulting in significant damage to the infrastructure and a negative impact on system performance. Kinsing doubles down on its persistence and compromise by loading its rootkit in /etc/ld.so.preload, which completes a full system compromise."