More than 18,000 active command-and-control servers across 48 hosting providers have been tapped by Chinese threat actors to facilitate malware compromise, accounting for nearly 84% of all nefarious cyber activity in Chinese hosting environments over the last three months, according to Cyber Security News.Most of the malicious C2 servers have been hosted by China Unicom, Alibaba Cloud, and Tencent, with China Unicom accounting for nearly half of the illicit servers, a report from Hunt.io researchers revealed. Additional findings showed that the Mozi botnet was the most prevalently deployed using the C2 network with 9,427 unique IP addresses, followed by the ARL framework, Cobalt Strike, Vshell, and Mirai.Such a report emphasizes not only the coexistence of cybercrime operations, state-nexus cyberespionage instruments, and botnet infrastructure within hosting environments but also the exploitation of trusted cloud services to conceal malicious infrastructure.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds




