OpenSSH Trojan Campaign Targets IoT and Linux Systems

by admin 0 Comments

Security
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn

Security researchers have discovered a sophisticated attack campaign that exploits custom and open-source tools to target Linux-based systems and Internet of Things (IoT) devices.

According to a new blog post by Microsoft, the attackers utilized a patched version of OpenSSH to gain control of compromised devices and install cryptomining malware.

Read more on this type of malware: Satacom Malware Campaign Steals Crypto Via Stealthy Browser Extension

The attack campaign involves an established criminal infrastructure that uses a subdomain belonging to a Southeast Asian financial institution as a command and control (C2) server. 

The threat actors employed a backdoor that deployed various tools, including rootkits and an IRC bot, to steal device resources for cryptocurrency mining operations.

Additionally, the backdoor installed a modified version of OpenSSH, allowing the attackers to hijack SSH credentials, move laterally within networks and conceal malicious SSH connections.

As far as the attack chain is concerned, threat actors initiated it by brute-forcing credentials on misconfigured internet-facing Linux devices.

Once compromised, they downloaded and installed the malicious OpenSSH package, which granted them persistent access and the ability to intercept SSH credentials. The modified OpenSSH version mimicked a legitimate server, making detection more challenging.

Furthermore, the backdoor deploys open-source rootkits, such as Diamorphine and Reptile, to hide its presence on the compromised systems. 

It also established communication with a remote command and control server via an IRC bot called ZiggyStarTux. This enabled the threat actors to issue commands and launch distributed denial of service (DDoS) attacks.

In its advisory, Microsoft recommended several mitigation measures to protect devices and networks against this threat. 

These include ensuring secure configurations for internet-facing devices, maintaining up-to-date firmware and patches, using secure VPN services for remote access and adopting comprehensive IoT security solutions.

The Microsoft blog post comes weeks after the company announced a new integration of OpenAI technology into its services.

This article was originally published by Infosecurity-magazine.com. Read the original article here.
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn

Products You May Like

Articles You May Like

How technology drives progress – A Q&A with Nobel laureate Michel Mayor
Major phishing-as-a-service platform disrupted – Week in security with Tony Anscombe
Severe Flaws Disclosed in Brocade SANnav SAN Management Software
US Imposes Visa Restrictions on Alleged Spyware Figures
Apache Cordova App Harness Targeted in Dependency Confusion Attack

Leave a Reply

Your email address will not be published. Required fields are marked *