Malware alert issued for Linux servers


Threats targeting computer systems are becoming more and more frequent. Recently, Linux servers have been victims of external intrusions. Investigations found that the aim of the attacks was to covertly install malware that hides a clandestine cryptocurrency miner. Following the discovery of the bug, an alert was issued to all users of the operating system.


A computer warning of the detection of a malicious script program.

Indeed, the group of hackers behind this intrusion has been active since the beginning of 2017 and is called 8220. One of the exploits carried out by this group was the invention of the dangerous cryptocurrency Monero. Today, the group is back with even more formidable approaches.

Chen Doytshman, security researcher at Akamai Technologies, was one of the experts who worked on the detected bug. Microsoft Security Intelligence also contributed to the security diagnostics.

Hackers are getting smarter

The notorious malicious program developed by the attackers is called whatMiner. Indeed, in 2019, the group had already pulled off an unexpected feat by using rootkits to hide its mining program.

Today the gang resurfaced with IRC Tsunami botnet variants and a custom PwnRig miner. Their target is mainly i686 and x86_64 Linux systems, more specifically Atlassian Confluence (CVE-2022-26134) and Oracle WebLogic (CVE-2019-2725) servers.

Furthermore, these attacks work by fetching a wide range of malicious software from a remote server, which is responsible for delivering the PwnRig miner and then an IRC bot. Finally, the malware loader uses an IP port scanner tool and then the GoLang-based "spirit" SSH brute-force tool to infiltrate further systems.
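The SSH brute-force step described above leaves a recognizable trace in sshd authentication logs: a burst of failed passwords from one source, sometimes followed by a successful login. The following is an added example, not code from the original article or from the researchers it cites; the log lines are constructed, and the threshold, window and year parameters are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sshd log lines (documentation IP ranges, not real data).
SAMPLE_LOG = """\
Jul 21 03:14:01 web01 sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jul 21 03:14:03 web01 sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40118 ssh2
Jul 21 03:14:05 web01 sshd[2105]: Failed password for invalid user oracle from 203.0.113.7 port 40126 ssh2
Jul 21 03:14:08 web01 sshd[2107]: Failed password for root from 203.0.113.7 port 40131 ssh2
Jul 21 03:14:10 web01 sshd[2109]: Failed password for invalid user test from 203.0.113.7 port 40140 ssh2
Jul 21 03:14:15 web01 sshd[2111]: Accepted password for deploy from 203.0.113.7 port 40152 ssh2
Jul 21 09:02:11 web01 sshd[3001]: Failed password for alice from 198.51.100.20 port 51515 ssh2
Jul 21 09:02:20 web01 sshd[3003]: Accepted password for alice from 198.51.100.20 port 51520 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60), year=2022):
    """Report sources with >= threshold failed logins inside the window.

    Syslog timestamps carry no year, so `year` is an assumed parameter.
    Returns {ip: {"failures": n, "login_after_burst": [users]}}.
    """
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events[m["ip"]].append((ts, m["result"], m["user"]))
    report = {}
    for ip, evs in events.items():
        evs.sort(key=lambda e: e[0])
        recent, burst, hits = [], False, []
        for ts, result, user in evs:
            if result == "Failed":
                # Sliding window: keep only failures still inside the window.
                recent = [t for t in recent if ts - t <= window] + [ts]
                burst = burst or len(recent) >= threshold
            elif burst:
                hits.append(user)  # success from a source that was just guessing
        if burst:
            failures = sum(1 for e in evs if e[1] == "Failed")
            report[ip] = {"failures": failures, "login_after_burst": hits}
    return report
```

A non-empty `login_after_burst` list is the case to escalate first: it means a guessing source eventually authenticated, so the account's password and the host itself should be treated as compromised.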

“The pirates have effectively revamped their techniques and arsenal over the past year.”

Microsoft Security Intelligence

A sustained rate of attack and specific business sectors targeted

Over time, the number of intrusion attempts increased from 20,000 to 100,000 per day, using approximately 6,000 IP addresses. Network security experts have also noted that well-defined sectors of activity were targeted by the attacks: trade, high technology and financial services.

“The worrying fact at the moment is the magnitude of the upward shift that this type of attack has sparked in recent weeks.”

Chen Doytshman, Security Researcher at Akamai Technologies

SOURCE: THEHACKERNEWS
