| Category | Details |
| --- | --- |
| Threat Actors | Perfctl campaign (attributed to an unknown threat actor targeting Linux servers). |
| Campaign Overview | Compromises Linux servers for cryptocurrency mining and proxyjacking, using fileless infection techniques. |
| Target Regions (or Victims) | United States, Germany, South Korea. |
| Methodology | Rootkits, modification of system processes, masquerading as legitimate processes, and related techniques to evade detection. |
| Product Targeted | Linux servers, particularly those used by cryptocurrency platforms and in software development. |
| Malware Reference | Perfctl (stealthy cryptomining and proxyjacking malware). |
| Tools Used | Rootkits, SSH, system process modification, application-layer protocols. |
| Vulnerabilities Exploited | CVE-2021-4034 (Polkit pkexec local privilege escalation, "PwnKit"), CVE-2023-33246 (Apache RocketMQ remote code execution, enabling full system takeover). |
| TTPs | – Rootkit (T1014) – Create or Modify System Process (T1543) – Masquerading (T1036) – Process Injection (T1055) – Abuse Elevation Control Mechanism (T1548) |
| Attribution | Unknown actors using advanced stealth techniques. |
| Recommendations | – Monitor CPU and network usage for anomalies. – Enforce multi-factor authentication. – Patch systems regularly. – Deploy EDR solutions. – Conduct frequent security audits. |
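The Methodology and Recommendations rows above boil down to a hunt that a Linux administrator can run by hand: look for processes whose name does not match the binary behind them, whose binary lives in a scratch directory or has been unlinked, and which are burning CPU for a sustained period. The script below is an added example written for this summary; it is not code from SOCRadar or from the Perfctl research, and it does not encode any Perfctl-specific indicator. The trusted-path list, scratch-directory list and CPU threshold are assumptions to tune per host, and `SAMPLE_PROCS` is constructed data used only to illustrate the scoring.

```python
"""Heuristic hunt for masqueraded or oddly placed, CPU-hungry processes on Linux.

Added example for this summary (not SOCRadar's or the Perfctl report's code).
Signals scored: binary unlinked after start, binary in a scratch directory or
outside trusted install paths, /proc/<pid>/comm not matching the binary name,
and sustained CPU use. Thresholds and path lists are assumptions; tune per host.
"""
import os
import sys
import time
from dataclasses import dataclass

TRUSTED_EXE_DIRS = ("/usr/bin/", "/usr/sbin/", "/bin/", "/sbin/", "/usr/lib/",
                    "/usr/libexec/", "/usr/local/", "/opt/", "/snap/")  # assumption
SCRATCH_DIRS = ("/tmp/", "/dev/shm/", "/var/tmp/", "/run/user/")       # assumption
CPU_THRESHOLD = 80.0  # percent of one core; assumption, set from the host baseline


@dataclass
class Proc:
    pid: int
    comm: str        # contents of /proc/<pid>/comm (kernel truncates to 15 chars)
    exe: str         # target of the /proc/<pid>/exe symlink
    cpu_pct: float   # CPU share measured over the sampling window


def reasons_for(p: Proc) -> list[str]:
    """Return the masquerading / placement signals that fire for one process."""
    out = []
    if not p.exe:                      # kernel threads have no exe link
        return out
    clean_exe = p.exe.replace(" (deleted)", "")
    exe_base = os.path.basename(clean_exe)
    if p.exe.endswith(" (deleted)"):
        out.append("binary unlinked after start")
    if clean_exe.startswith(SCRATCH_DIRS):
        out.append(f"runs from scratch dir {os.path.dirname(clean_exe)}")
    elif not clean_exe.startswith(TRUSTED_EXE_DIRS):
        out.append(f"runs outside trusted dirs: {clean_exe}")
    # comm is a prefix of the binary name for normal daemons; interpreters running
    # scripts (comm = script name, exe = /usr/bin/python3) will also show up here.
    if not exe_base.startswith(p.comm):
        out.append(f"name {p.comm!r} does not match binary {exe_base!r}")
    return out


def hunt(procs: list[Proc]) -> list[tuple[int, str, list[str]]]:
    """Score processes: 'high' when a masquerading signal coincides with heavy CPU."""
    results = []
    for p in procs:
        reasons = reasons_for(p)
        hot = p.cpu_pct >= CPU_THRESHOLD
        if reasons and hot:
            results.append((p.pid, "high", reasons + [f"cpu {p.cpu_pct:.0f}%"]))
        elif reasons:
            results.append((p.pid, "review", reasons))
        elif hot:
            results.append((p.pid, "cpu-only", [f"cpu {p.cpu_pct:.0f}%"]))
    return results


def _cpu_ticks(pid: int) -> int:
    with open(f"/proc/{pid}/stat") as f:
        fields = f.read().rsplit(")", 1)[1].split()   # drop "pid (comm)" prefix
    return int(fields[11]) + int(fields[12])          # utime + stime (stat fields 14, 15)


def snapshot_from_proc(window_s: float = 2.0) -> list[Proc]:
    """Read live processes and measure their CPU over window_s seconds (Linux only)."""
    first = {}
    for entry in os.listdir("/proc"):
        if entry.isdigit():
            try:
                first[int(entry)] = _cpu_ticks(int(entry))
            except OSError:
                pass
    time.sleep(window_s)
    hz = os.sysconf("SC_CLK_TCK")
    procs = []
    for pid, t0 in first.items():
        try:
            t1 = _cpu_ticks(pid)
            with open(f"/proc/{pid}/comm") as f:
                comm = f.read().strip()
            exe = os.readlink(f"/proc/{pid}/exe")   # fails for kernel threads / others' pids
        except OSError:
            continue
        procs.append(Proc(pid, comm, exe, 100.0 * (t1 - t0) / hz / window_s))
    return procs


# Constructed sample records for illustration only (not from any real incident).
SAMPLE_PROCS = [
    Proc(1, "systemd", "/usr/lib/systemd/systemd", 0.3),
    Proc(842, "sshd", "/usr/sbin/sshd", 0.0),
    Proc(1337, "sshd", "/tmp/.x/sshd (deleted)", 97.5),   # impostor: scratch dir, unlinked, hot
    Proc(2048, "kworker/u8:2", "/dev/shm/.k/kw", 91.0),   # borrows a kernel-thread name
    Proc(3001, "gzip", "/usr/bin/gzip", 88.0),            # legitimate but busy
    Proc(4096, "nginx", "/usr/sbin/nginx", 2.1),
]

if __name__ == "__main__":
    procs = snapshot_from_proc() if "--live" in sys.argv else SAMPLE_PROCS
    for pid, severity, reasons in hunt(procs):
        print(f"pid {pid:>6}  {severity:<8} {'; '.join(reasons)}")
```

Run it without arguments to see the scoring on the constructed sample, or with `--live` as root on a Linux host to score the real process table. A "cpu-only" hit is a capacity question, a "review" hit is worth a look at `/proc/<pid>/exe` and `cmdline`, and a "high" hit (wrong path or name plus sustained CPU) is the combination the summary's Methodology row describes and should be triaged as a possible miner. Userland rootkits that hide processes from `/proc` defeat this check by design, which is why the Recommendations row also calls for EDR and periodic audits rather than host-local inspection alone.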
Source | SOCRadar |
Read full article: https://socradar.io/perfctl-campaign-exploits-millions-of-linux-servers-for-crypto-mining-and-proxyjacking/
Disclaimer: The above summary has been generated by an AI language model