OpenSSH Trojan Campaign Targets IoT and Linux Systems

Security researchers have discovered a sophisticated attack campaign that exploits custom and open-source tools to target Linux-based systems and Internet of Things (IoT) devices.
According to a new blog post by Microsoft, the attackers utilized a patched version of OpenSSH to gain control of compromised devices and install cryptomining malware.
The attack campaign involves an established criminal infrastructure that uses a subdomain belonging to a Southeast Asian financial institution as a command and control (C2) server.
The threat actors employed a backdoor that deployed various tools, including rootkits and an IRC bot, to steal device resources for cryptocurrency mining operations.
Additionally, the backdoor installed a modified version of OpenSSH, allowing the attackers to hijack SSH credentials, move laterally within networks and conceal malicious SSH connections.
The attack chain began with the threat actors brute-forcing credentials on misconfigured internet-facing Linux devices.
Once compromised, they downloaded and installed the malicious OpenSSH package, which granted them persistent access and the ability to intercept SSH credentials. The modified OpenSSH version mimicked a legitimate server, making detection more challenging.
Furthermore, the backdoor deployed open-source rootkits, such as Diamorphine and Reptile, to hide its presence on the compromised systems.
It also established communication with a remote command and control server via an IRC bot called ZiggyStarTux, which enabled the threat actors to issue commands and launch distributed denial of service (DDoS) attacks.
In its advisory, Microsoft recommended several mitigation measures to protect devices and networks against this threat.
These include ensuring secure configurations for internet-facing devices, maintaining up-to-date firmware and patches, using secure VPN services for remote access and adopting comprehensive IoT security solutions.
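One way to turn two of these recommendations into repeatable checks, added here as an example and not taken from the Microsoft post: an audit of sshd_config for the directives that leave password logins (the campaign's brute-force entry point) enabled, and a checksum baseline that flags a replaced OpenSSH binary. The path /etc/ssh/sshd_config, the manifest location and the sample inputs are assumptions.

```shell
#!/bin/sh
# Defender-side checks for the two weaknesses this campaign relied on:
# password logins on exposed hosts (the brute-force entry point) and a
# silently replaced sshd binary (the trojanized OpenSSH). Paths and the
# manifest location are assumptions, not values from the Microsoft report.

# Print the lowercased value of the first occurrence of keyword $2 in config
# $1 (sshd honours the first match). Comments are skipped, parsing stops at
# the first Match block, and Include'd files are not followed.
first_directive() {
    awk -v k="$2" 'BEGIN { k = tolower(k) }
        { sub(/^[ \t]+/, "") }
        /^#/ || /^$/ { next }
        tolower($1) == "match" { exit }
        { n = split($0, f, /[ \t=]+/)
          if (n >= 2 && tolower(f[1]) == k) { print tolower(f[2]); exit } }' "$1"
}

# Return 0 if the config refuses password and root logins, else 1. Defaults
# when absent: PasswordAuthentication yes, PermitRootLogin prohibit-password.
audit_sshd_config() {
    rc=0
    pw=$(first_directive "$1" PasswordAuthentication)
    root=$(first_directive "$1" PermitRootLogin)
    if [ "${pw:-yes}" != "no" ]; then
        echo "$1: PasswordAuthentication '${pw:-unset}' leaves passwords brute-forceable"
        rc=1
    fi
    if [ "${root:-prohibit-password}" = "yes" ]; then
        echo "$1: PermitRootLogin yes exposes root to password guessing"
        rc=1
    fi
    return $rc
}

# Record SHA-256 hashes of known-good binaries into manifest $1 right after a
# trusted install; verify_baseline later fails if any of them was swapped.
record_baseline() { m="$1"; shift; sha256sum "$@" > "$m"; }
verify_baseline() {
    if sha256sum -c "$1" >/dev/null 2>&1; then
        echo "all files in $1 match their baseline"
    else
        echo "MISMATCH: a file listed in $1 changed (details: sha256sum -c $1)"
        return 1
    fi
}

if [ -r /etc/ssh/sshd_config ]; then   # stand-alone use: audit the live config
    audit_sshd_config /etc/ssh/sshd_config || echo "sshd_config needs hardening"
fi
```

On package-managed systems, `dpkg -V openssh-server` or `rpm -V openssh-server` performs the equivalent comparison against the distribution's own file manifest. Because rootkits like the ones named above can hide modified files from userland tools, the comparison is most trustworthy when run against the disk from a trusted boot medium.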
The Microsoft blog post comes weeks after the company announced a new integration of OpenAI technology into its services.