Microsoft Security’s latest analysis indicates that hackers are launching a new cryptocurrency mining campaign that targets internet-facing Linux systems and IoT devices. Microsoft published a detailed analysis on its security blog as a warning to Linux admins.
“The threat actors behind the attack use a backdoor that deploys a wide array of tools and components such as rootkits and an IRC bot to steal device resources for mining operations,” Microsoft threat intelligence researcher Rotem Sde-Or said on June 22, 2023.
“The backdoor also installs a patched version of OpenSSH on affected devices, allowing threat actors to hijack SSH credentials, move laterally within the network, and conceal malicious SSH connections.”
To pull off the scheme, the threat actors brute-force misconfigured Linux hosts to gain initial access, then disable shell history and fetch a trojanized version of OpenSSH from a remote server.
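The initial-access step described above leaves a recognizable trace in sshd logs: many failed password attempts from one source, then an accepted one. The following is an added detection example, not code from Microsoft's report; the log lines are constructed samples in the standard OpenSSH syslog format, and the function name and threshold are assumptions. It counts failures per source without a time window, which is a simplification.

```python
import re
from collections import defaultdict

# Constructed sample in the standard OpenSSH sshd syslog format (documentation IPs).
SAMPLE_LOG = """\
Jun 22 10:00:01 gw sshd[901]: Failed password for root from 203.0.113.5 port 40001 ssh2
Jun 22 10:00:02 gw sshd[902]: Failed password for invalid user admin from 203.0.113.5 port 40002 ssh2
Jun 22 10:00:03 gw sshd[903]: Failed password for invalid user pi from 203.0.113.5 port 40003 ssh2
Jun 22 10:00:04 gw sshd[904]: Failed password for invalid user ubnt from 203.0.113.5 port 40004 ssh2
Jun 22 10:00:05 gw sshd[905]: Failed password for root from 203.0.113.5 port 40005 ssh2
Jun 22 10:00:06 gw sshd[906]: Accepted password for root from 203.0.113.5 port 40006 ssh2
Jun 22 10:05:00 gw sshd[910]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Jun 22 10:05:09 gw sshd[911]: Accepted password for alice from 198.51.100.7 port 51001 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def find_bruteforce_logins(log_text, threshold=5):
    """Return (ip, user, failures, distinct_users_tried) for each password
    login accepted after at least `threshold` failures from the same source."""
    failures = defaultdict(int)   # failed attempts per source IP
    tried = defaultdict(set)      # usernames guessed per source IP
    hits = []
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            failures[ip] += 1
            tried[ip].add(user)
            continue
        if failures[ip] >= threshold:
            hits.append((ip, user, failures[ip], len(tried[ip])))
        # Any accepted login resets the counters for that source.
        failures[ip] = 0
        tried[ip].clear()
    return hits

if __name__ == "__main__":
    for hit in find_bruteforce_logins(SAMPLE_LOG):
        print("password login after repeated failures:", hit)
```

Because the campaign disables shell history and replaces OpenSSH after access, a hit here is a reason to collect these logs off-host and to check the installed sshd against the distribution package.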
READ MORE HERE
News Article: https://thehackernews.com/2023/06/new-cryptocurrency-mining-campaign.html
Microsoft Research News Page: https://www.microsoft.com/en-us/security/blog/2023/06/22/iot-devices-and-linux-based-systems-targeted-by-openssh-trojan-campaign/
