ESET Research reports that the Ebury botnet has compromised over 400,000 Linux servers since 2009, using them for cryptocurrency and credit-card theft and other financial gain. Because the operators target hosting providers and SSH infrastructure, the exposure extends to the transactions and personal data handled by every site on an affected server. Administrators are advised to review the published indicators of compromise and harden their systems against similar intrusions.
A recent report from ESET Research sheds light on a sophisticated server-side malware campaign that continues to grow, compromising hundreds of thousands of servers. What started as the Operation Windigo campaign ten years ago, focusing on Linux malware for financial gain, has now evolved into a multifaceted operation targeting credit card and cryptocurrency theft.
Despite efforts to combat Ebury, the main malware used in this campaign, its operators have shown resilience and adaptability. The arrest of one perpetrator did not deter the botnet’s expansion, with Ebury being consistently updated over the years. ESET’s honeypots have been crucial in tracking new samples and indicators, even though the malware has become increasingly complex and challenging to detect.
Working closely with the Dutch National High Tech Crime Unit (NHTCU), ESET uncovered new methods the Ebury gang uses to compromise servers, including leveraging hosting providers' infrastructure and intercepting SSH traffic inside data centers. These tactics have compromised more than 400,000 servers since 2009, and more than 100,000 of them were still compromised as of late 2023.
Aside from Ebury, the gang has deployed multiple malware families to exploit the compromised servers further, targeting financial details and cryptocurrency wallets. Updates to the Ebury malware itself, including new obfuscation techniques and a userland rootkit for hiding, make detection even more challenging.
For those concerned about potential compromise, ESET’s latest paper provides in-depth technical details and indicators of compromise. Additionally, ESET Research offers private APT intelligence reports and data feeds for organizations seeking advanced threat intelligence.
To learn more about Ebury’s ongoing threat and how to protect against it, access the full report from ESET Research or reach out to [email protected] for further inquiries. Stay informed and stay vigilant against evolving cyber threats.
1. What is cryptotheft and how does it affect Linux servers?
Cryptotheft is the theft of cryptocurrency. In this campaign the operators harvest wallet credentials and keys from compromised servers, so a single server compromise can lead directly to financial loss for its owner and its users.
2. How many Linux servers were compromised for cryptotheft recently?
ESET counts more than 400,000 Linux servers compromised by Ebury since 2009, with more than 100,000 still compromised as of late 2023.
3. What steps can be taken to protect Linux servers from cryptotheft?
Keep the operating system and OpenSSH up to date, use strong credentials and avoid reusing them across hosts (Ebury harvests SSH credentials and keys from the servers it infects), restrict network exposure with firewalls, and check systems against the indicators of compromise published in ESET's report.
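The credentials mentioned above are exactly what an SSH-resident backdoor harvests, so one concrete hardening step is to make sure sshd does not accept passwords at all and does not allow direct root logins. The following audit script is an added example, not code from the ESET report or from the Ebury operators; it checks an sshd_config for the standard OpenSSH directives PasswordAuthentication, PermitRootLogin, KbdInteractiveAuthentication (and its older alias ChallengeResponseAuthentication) and PubkeyAuthentication, applying sshd's first-value-wins rule and ignoring conditional Match blocks. The two sample configurations are constructed for illustration.

```python
"""Audit an OpenSSH server configuration for settings that expose credentials.

Added example, not part of the ESET report. Directive names and defaults are
the standard OpenSSH ones; the sample configs are constructed for illustration.
"""
import re
from pathlib import Path

# OpenSSH defaults when a directive is absent from the file.
DEFAULTS = {
    "passwordauthentication": "yes",
    "permitrootlogin": "prohibit-password",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
}

# Directive -> (acceptable values, why it matters against credential theft)
WANTED = {
    "passwordauthentication": ({"no"}, "passwords can be brute-forced or replayed once intercepted; use keys"),
    "permitrootlogin": ({"no", "prohibit-password"}, "a stolen root credential is immediately catastrophic"),
    "kbdinteractiveauthentication": ({"no"}, "keyboard-interactive still prompts for passwords via PAM"),
    "pubkeyauthentication": ({"yes"}, "key-based login should be the only interactive path"),
}

# Older OpenSSH spelled KbdInteractiveAuthentication as ChallengeResponseAuthentication.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}


def parse_sshd_config(text):
    """Return {directive: value} for the global section of an sshd_config.

    Mirrors sshd: comments and blank lines are skipped, the first value seen
    for a directive wins, "Key value" and "Key=value" are both accepted, and
    everything from the first Match block onwards is conditional and ignored.
    """
    effective = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":
            break  # remaining lines only apply to matching users/hosts
        if len(parts) < 2:
            continue
        key = ALIASES.get(key, key)
        effective.setdefault(key, parts[1].strip().lower())
    return effective


def audit_sshd_config(text):
    """Return a list of (directive, effective_value, reason) for weak settings."""
    effective = parse_sshd_config(text)
    findings = []
    for directive, (ok_values, reason) in WANTED.items():
        current = effective.get(directive, DEFAULTS[directive])
        if current not in ok_values:
            findings.append((directive, current, reason))
    return findings


# Constructed sample: a typical permissive configuration.
WEAK_CONFIG = """
Port 22
PermitRootLogin yes
PasswordAuthentication yes
ChallengeResponseAuthentication yes
UsePAM yes
"""

# Constructed sample: key-only logins, no direct root access.
HARDENED_CONFIG = """
Port 22
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
UsePAM yes
Match User backup
    PasswordAuthentication yes
"""


if __name__ == "__main__":
    # Audit the live config if present, otherwise the constructed samples.
    live = Path("/etc/ssh/sshd_config")
    text = live.read_text() if live.exists() else WEAK_CONFIG
    for directive, value, reason in audit_sshd_config(text):
        print(f"{directive} = {value}: {reason}")
```

The Match-block handling is deliberate: a `PasswordAuthentication yes` inside a `Match User` block is scoped to that user, so it is reported separately from the global posture rather than treated as a global weakness.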
4. What kind of financial gain do hackers typically aim for when compromising Linux servers for cryptotheft?
Hackers aim to steal cryptocurrency and other valuable assets from compromised Linux servers, which they can then sell or use for financial gain.
5. Who is responsible for investigating and preventing incidents of cryptotheft on Linux servers?
IT security teams and cybersecurity experts are responsible for investigating and preventing incidents of cryptotheft on Linux servers, working to secure systems and mitigate risks.