Cyberattackers are targeting Linux SSH servers with ShellBot malware. Utilising hexadecimal IP addresses, the perpetrators can evade detection in most URL-based detection signatures. ShellBot leverages weak SSH credentials to compromise servers, subsequently initiating DDoS attacks or deploying payloads like cryptominers on infected machines. Administrators are urged to maintain strong passwords and regularly update credentials to mitigate the threat.
From Log4j to IIS, China’s Hackers Turn Legacy Bugs into Global Espionage Tools
A China-linked threat actor has been attributed to a cyber attack targeting an U.S. non-profit organization with an aim to establish long-term persistence, as part
