Mismanaged Linux SSH servers are being targeted in a new attack campaign that distributes three new strains of the ShellBot DDoS bot malware, namely PowerBots GohacK, LiGhT's Modded perlbot v2, and DDoS PBot v2.0, according to The Hacker News.
Both DDoS PBot v2.0 and Modded perlbot v2 offer commands to facilitate distributed denial-of-service attacks, while PowerBots, which has capabilities more akin to a backdoor, could facilitate reverse shell access and arbitrary file uploading, a report from the AhnLab Security Emergency Response Center revealed.
Attackers using the Perl-based ShellBot malware have been targeting systems with SSH port 22 open, running a dictionary attack with a list of SSH credentials and then deploying the payload, after which the Internet Relay Chat protocol is used for communication with the command-and-control server, said researchers.
"If ShellBot is installed, Linux servers can be used as DDoS Bots for DDoS attacks against specific targets after receiving a command from the threat actor. Moreover, the threat actor could use various other backdoor features to install additional malware or launch different types of attacks from the compromised server," said ASEC.
Threat actors launched fifty percent more distributed denial-of-service attacks during the first quarter of 2024 than in the same period last year, with thwarted DDoS attacks increasing by 93% year-over-year, SiliconAngle reports.
Security Affairs reports that attacks with an updated iteration of the LightSpy iOS spyware using the "F_Warehouse" framework have been deployed against Southern Asian targets as part of a new cyberespionage campaign.
Operations of Russia's industrial sensor and monitoring infrastructure were claimed to have been disrupted by Ukrainian hacking operation Blackjack following a Fuxnet malware attack against Moscow-based underground infrastructure firm Moscollector, reports SecurityWeek.