Rocke, known for operating multiple large-scale malicious crypto-mining campaigns, has now switched to new Tactics, Techniques, and Procedures (TTPs), including new C2 infrastructure and updated malware to evade detection. Rocke is a financially motivated threat group first spotted in April 2018 by Cisco Talos researchers, when it was exploiting unpatched Apache Struts, Oracle WebLogic, and Adobe ColdFusion servers and dropping cryptomining malware from attacker-controlled Gitee and GitLab repositories. On September 17, the group started using the new LSD sample that gets its mining config scripts from “128-bit-chaining (CBC) mode and base64 encoded”
Source: https://www.bleepingcomputer.com/news/security/chinese-hackers-use-new-cryptojacking-tactics-to-evade-detection/

