Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
And NO one knows how it's being done?
https://www.linux.com/feature/125548
Pure insanity . . . how can this be going on for months and no one has a clue and all they can do is guess that maybe a password was guessed and used for logon?
If these boxes were Windows boxes - I'm pretty confident the world would know how it was being done by now . . . it would either be an exploit or a password and either way - our PSS IR guys would figure it out. :)
Edited: SecureWorks mentioned in the article above actually have a fairly decent write-up on the attacks here: https://www.secureworks.com/research/threats/linuxservers/?threat=linuxservers
Update - test