| Category | Details |
|---|---|
| Threat Actors | Unattributed. The campaign is tracked by the name of its malware, Perfctl; no group has been publicly identified. |
| Campaign Overview | Campaign against Linux servers using evasion-heavy, largely fileless infection techniques. The payloads mine cryptocurrency and perform proxyjacking (renting out the victim's bandwidth through proxy services). |
| Target Regions | United States, Germany, South Korea. |
| Targeted Sectors | Cryptocurrency platforms, software development and publishing. |
| Malware Reference | Perfctl (Linux malware: rootkit-based evasion, in-memory execution, cryptomining, proxyjacking). |
| Tools Used | Rootkits; fileless/in-memory techniques; exploitation of CVE-2021-4034 and CVE-2023-33246. |
| Vulnerabilities Exploited | CVE-2021-4034 (PwnKit: local privilege escalation to root via polkit's pkexec); CVE-2023-33246 (Apache RocketMQ remote command execution, giving the attacker control of the exposed host). |
| TTPs | – Rootkit (T1014) – Create or Modify System Process (T1543) – System Information Discovery (T1082) – Application Layer Protocol (T1071) – Impair Defenses (T1562) – Masquerading (T1036) – Process Injection (T1055) – Remote Services (T1021) – Abuse Elevation Control Mechanism (T1548). |
| Attribution | Unknown; the only identifier is the Perfctl malware itself. |
| Recommendations | – Monitor network traffic and system resources (sustained CPU load, unexpected outbound connections) for anomalies. – Enforce strict access controls, particularly for administrative accounts. – Patch promptly, in particular polkit/pkexec (CVE-2021-4034) and Apache RocketMQ (CVE-2023-33246). – Deploy Endpoint Detection and Response (EDR) on Linux servers. – Conduct regular security audits. – Consume threat intelligence, for example through platforms such as SOCRadar. |
| Source | SOCRadar |
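The "monitor system resources for anomalies" recommendation above is easier to act on with concrete heuristics. The script below is an added example written for this summary, not code from the SOCRadar article or from the research it cites. It scores a snapshot of running processes against three observations the table supports: a miner keeps a core busy, a masquerading binary borrows a system-utility name (T1036) while living somewhere a daemon never executes from, and a payload that deletes itself after launch still shows up as `(deleted)` in `/proc/<pid>/exe`. The `SAMPLE` records, the paths and names in them, and the 80% CPU threshold are all constructed for the example and are not published indicators.

```python
"""Heuristics for spotting a miner hiding behind a system-utility name.

Added illustration for this summary; not code from the SOCRadar article or the
underlying research. SAMPLE is a constructed process snapshot, and the paths,
process names and CPU_THRESHOLD below are assumptions, not published indicators.
"""
from dataclasses import dataclass
import os

# The kernel caps /proc/<pid>/comm at 15 bytes (TASK_COMM_LEN - 1).
COMM_MAX = 15
# World-writable or tmpfs locations a legitimate daemon has no reason to execute from.
SUSPECT_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
# Indicators strong enough to alert on their own.
STRONG = {"deleted_exe", "suspect_dir"}
# Assumed: sustained share of one core, as measured by two /proc/<pid>/stat samples.
CPU_THRESHOLD = 80.0


@dataclass(frozen=True)
class Proc:
    pid: int
    comm: str       # contents of /proc/<pid>/comm
    exe: str        # os.readlink("/proc/<pid>/exe"); ends in " (deleted)" if unlinked
    cpu_pct: float  # sustained CPU share supplied by the collector


def indicators(p: Proc) -> dict[str, str]:
    """Return indicator code -> human-readable detail for one process."""
    found: dict[str, str] = {}
    path = p.exe.removesuffix(" (deleted)")

    # A binary unlinked after exec keeps running; /proc still records where it came from.
    if p.exe.endswith(" (deleted)"):
        found["deleted_exe"] = f"executable {path} removed from disk"

    if path.startswith(SUSPECT_DIRS):
        found["suspect_dir"] = f"executing from {os.path.dirname(path)}/"

    # Masquerading (T1036): comm claims one name, the mapped executable is another.
    # Also fires for symlinked launchers (python3 -> python3.12), so it is not STRONG.
    if p.comm != os.path.basename(path)[:COMM_MAX]:
        found["name_mismatch"] = f"comm {p.comm!r} vs exe {os.path.basename(path)!r}"

    # Cryptomining burns CPU continuously; a real sshd or cron does not.
    if p.cpu_pct >= CPU_THRESHOLD:
        found["high_cpu"] = f"{p.cpu_pct:.0f}% CPU sustained"

    return found


def is_suspicious(p: Proc) -> bool:
    """One strong indicator, or at least two weak ones, is enough to alert."""
    ind = indicators(p)
    return bool(STRONG & ind.keys()) or len(ind) >= 2


def scan(procs) -> dict[int, dict[str, str]]:
    """Map pid -> indicators for every process that warrants investigation."""
    return {p.pid: indicators(p) for p in procs if is_suspicious(p)}


# Constructed snapshot for the example; not captured from a real host.
SAMPLE = [
    Proc(412, "sshd", "/usr/sbin/sshd", 0.2),               # clean daemon
    Proc(903, "python3", "/usr/bin/python3.12", 3.0),       # symlink: benign name mismatch only
    Proc(3120, "perfctl", "/tmp/perfctl (deleted)", 97.5),  # deleted binary, /tmp, hot CPU
    Proc(4411, "sshd", "/dev/shm/sshd", 88.0),              # borrowed name, wrong directory
    Proc(5207, "cron", "/usr/sbin/cron", 91.0),             # high CPU alone: weak, stays quiet
]

if __name__ == "__main__":
    for pid, ind in scan(SAMPLE).items():
        print(pid, "; ".join(ind.values()))
```

The weak/strong split is deliberate: CPU load by itself produces false positives on batch jobs, and a comm-versus-exe mismatch is routine for symlinked interpreters, so each only counts when paired with another signal, whereas a deleted executable or anything running out of `/tmp` or `/dev/shm` is worth a look on its own. A collector feeding real data would read `/proc/<pid>/comm`, `os.readlink` the `exe` link, and derive `cpu_pct` from two samples of `/proc/<pid>/stat`.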
Read full article: https://socradar.io/perfctl-campaign-exploits-millions-of-linux-servers-for-crypto-mining-and-proxyjacking/
Disclaimer: The above summary has been generated by an AI language model