Malware, Threat Intelligence

Massive Chinese malware C2 server network uncovered

China Bans Cyber Attacks: Examining Internet Security with Chinese Flag and Binary Data Through a Magnifying Glass Concept

More than 18,000 active command-and-control servers across 48 hosting providers have been tapped by Chinese threat actors to facilitate malware compromise, accounting for nearly 84% of all nefarious cyber activity in Chinese hosting environments over the last three months, according to Cyber Security News.

Most of the malicious C2 servers have been hosted by China Unicom, Alibaba Cloud, and Tencent, with China Unicom accounting for nearly half of the illicit servers, a report from Hunt.io researchers revealed. Additional findings showed that the Mozi botnet was the most prevalently deployed using the C2 network with 9,427 unique IP addresses, followed by the ARL framework, Cobalt Strike, Vshell, and Mirai.

Such a report emphasizes not only the coexistence of cybercrime operations, state-nexus cyberespionage instruments, and botnet infrastructure within hosting environments but also the exploitation of trusted cloud services to conceal malicious infrastructure.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds