
Perfctl Campaign Exploits Millions of Linux Servers for Crypto Mining and Proxyjacking

Category: Details

Threat Actors: Perfctl (undisclosed group behind the malware campaign targeting Linux servers).

Campaign Overview: Campaign targeting Linux servers with advanced, fileless infection techniques to mine cryptocurrency and perform proxyjacking.

Target Regions: United States, Germany, South Korea.

Targeted Sectors: Cryptocurrency Platforms, Software Development and Publishing sectors.

Malware Reference: Perfctl (fileless infection, cryptomining, proxyjacking malware).

Tools Used: Rootkits, Fileless Techniques, Exploited Vulnerabilities (CVE-2021-4034, CVE-2023-33246).

Vulnerabilities Exploited: CVE-2021-4034 (Privilege escalation), CVE-2023-33246 (Unauthorized system takeover).

TTPs:
– Rootkit (T1014)
– Modify System Process (T1543)
– System Information Discovery (T1082)
– Application Layer Protocol (T1071)
– Impair Defenses (T1562)
– Masquerading (T1036)
– Process Injection (T1055)
– Remote Services (T1021)
– Elevation Control Mechanism Abuse (T1548)

Attribution: Unknown hacker group using Perfctl malware.

Recommendations:
– Monitor network traffic and system resources for anomalies.
– Enforce strict access controls, particularly for administrative accounts.
– Patch and update systems regularly.
– Deploy Endpoint Detection and Response (EDR) solutions.
– Conduct regular security audits.
– Engage in threat intelligence using platforms like SOCRadar.

Source: SOCRadar

Read full article: https://socradar.io/perfctl-campaign-exploits-millions-of-linux-servers-for-crypto-mining-and-proxyjacking/

Disclaimer: The above summary has been generated by an AI language model
