Perfctl Campaign Exploits Millions of Linux Servers for Crypto Mining and Proxyjacking

Category	Details
Threat Actors	Perfctl campaign (attributed to an unknown threat actor targeting Linux servers).
Campaign Overview	Exploits Linux servers for cryptocurrency mining and proxyjacking using fileless infection techniques.
Target Regions (Or Victims)	United States, Germany, South Korea.
Methodology	Uses rootkits, system process modification, masquerading, and other evasive techniques to evade detection.
Product Targeted	Linux-based servers, specifically in cryptocurrency platforms and software development.
Malware Reference	Perfctl (stealthy cryptomining and proxyjacking malware).
Tools Used	Rootkits, SSH, system process modifications, application layer protocols.
Vulnerabilities Exploited	CVE-2021-4034 (Privilege escalation), CVE-2023-33246 (Unauthorized system takeover).
TTPs	- Rootkit (T1014) - Modify system process (T1543) - Masquerading (T1036) - Process injection (T1055) - Elevation control mechanism abuse (T1548)
Attribution	Attributed to unknown actors using advanced stealth techniques.
Recommendations	- Monitor CPU/network usage. - Enforce multi-factor authentication. - Patch systems regularly. - Deploy EDR solutions. - Conduct frequent security audits.
Source	SOCRadar

Read full article: https://socradar.io/perfctl-campaign-exploits-millions-of-linux-servers-for-crypto-mining-and-proxyjacking/

Disclaimer: The above summary has been generated by an AI language model