| Category | Details |
|---|---|
| Threat Actors | Unattributed. The operators behind the perfctl malware campaign targeting Linux servers have not been publicly identified. |
| Campaign Overview | Large-scale campaign against Linux servers that uses fileless execution and rootkit-based evasion to run a cryptocurrency miner and proxyjacking software on compromised hosts. |
| Target Regions | United States, Germany, South Korea. |
| Targeted Sectors | Cryptocurrency Platforms, Software Development and Publishing sectors. |
| Malware Reference | Perfctl (fileless infection, cryptomining, proxyjacking malware). |
| Tools Used | Rootkits, fileless execution techniques, and exploitation of known, already-patched vulnerabilities (CVE-2021-4034, CVE-2023-33246). |
| Vulnerabilities Exploited | CVE-2021-4034 (PwnKit: local privilege escalation in polkit's pkexec); CVE-2023-33246 (Apache RocketMQ remote command execution, used for unauthorized takeover of exposed servers). |
| TTPs | - Rootkit (T1014) - Create or Modify System Process (T1543) - System Information Discovery (T1082) - Application Layer Protocol (T1071) - Impair Defenses (T1562) - Masquerading (T1036) - Process Injection (T1055) - Remote Services (T1021) - Abuse Elevation Control Mechanism (T1548). |
| Attribution | Unknown; no group has been publicly linked to the perfctl malware. |
| Recommendations | - Monitor network traffic and system resources for anomalies, in particular sustained unexplained CPU load and unexpected outbound connections. - Enforce strict access controls, particularly for administrative accounts. - Patch and update systems regularly, prioritizing the CVEs listed above. - Deploy Endpoint Detection and Response (EDR) solutions on Linux servers, not only on workstations. - Conduct regular security audits. - Use a threat intelligence platform such as SOCRadar to track indicators for this campaign. |
| Source | SOCRadar |
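The TTP and recommendation rows stay at the level of technique IDs. The following script is an added example, not code from SOCRadar or from the malware itself, showing how a responder could triage a Linux host for the generic behaviours those rows name: a system-wide `LD_PRELOAD` rootkit (T1014), executables running from an unlinked file or memfd (fileless execution), processes whose name does not match their binary or that run from writable staging directories (T1036), and CPU-hungry miner candidates. The staging directories, the CPU threshold, and every path, library name and process in the sample snapshot are constructed assumptions for the example; they are not indicators published for this campaign.

```python
"""Linux host triage for the TTPs summarised above (added example, not the article's code)."""
import os
from dataclasses import dataclass, field

# Assumptions for this example (not IoCs from the article): writable directories that
# legitimate daemons rarely execute from, and a CPU threshold that marks a miner candidate.
STAGING_DIRS = ("/tmp/", "/dev/shm/", "/var/tmp/")
CPU_THRESHOLD = 80.0


@dataclass
class Proc:
    pid: int
    comm: str                      # /proc/<pid>/comm (kernel truncates it to 15 chars)
    exe: str                       # readlink /proc/<pid>/exe; " (deleted)" suffix if unlinked
    cpu_pct: float                 # share of one core, sampled by the caller
    environ: dict = field(default_factory=dict)


def collect_live():
    """Snapshot running processes from /proc (Linux; root is needed to read others' environ)."""
    procs = []
    for pid in (p for p in os.listdir("/proc") if p.isdigit()):
        try:
            with open(f"/proc/{pid}/comm") as f:
                comm = f.read().strip()
            exe = os.readlink(f"/proc/{pid}/exe")   # fails for kernel threads, which have no exe
            with open(f"/proc/{pid}/environ", "rb") as f:
                raw = f.read().split(b"\0")
        except OSError:
            continue  # process exited, kernel thread, or permission denied
        environ = {}
        for kv in raw:
            key, sep, val = kv.decode(errors="replace").partition("=")
            if sep:
                environ[key] = val
        procs.append(Proc(int(pid), comm, exe, 0.0, environ))
    return procs


def read_ld_so_preload(path="/etc/ld.so.preload"):
    """Return the preload list; an absent file is the normal, clean state."""
    try:
        with open(path) as f:
            return f.read()
    except OSError:
        return ""


def triage(procs, ld_so_preload_text, cpu_threshold=CPU_THRESHOLD):
    """Return (technique, pid, detail) tuples; pid 0 marks host-wide findings."""
    findings = []
    # T1014: a library in /etc/ld.so.preload is hooked into every dynamically linked process.
    for line in ld_so_preload_text.splitlines():
        lib = line.strip()
        if lib and not lib.startswith("#"):
            findings.append(("T1014", 0, f"/etc/ld.so.preload loads {lib}"))
    for p in procs:
        deleted = p.exe.endswith(" (deleted)")
        path = p.exe[: -len(" (deleted)")] if deleted else p.exe
        base = os.path.basename(path)
        if deleted or path.startswith("/memfd:"):
            findings.append(("fileless", p.pid, f"{p.comm} runs from unlinked or memfd image {p.exe}"))
        if "LD_PRELOAD" in p.environ:
            findings.append(("T1014", p.pid, f"{p.comm} started with LD_PRELOAD={p.environ['LD_PRELOAD']}"))
        if path.startswith(STAGING_DIRS):
            findings.append(("T1036", p.pid, f"{p.comm} executes from staging dir {path}"))
        # A comm that is not a prefix of the binary name means the process renamed itself
        # (prctl/argv[0]). Scripts show their own name here with the interpreter as exe, so
        # expect those and allowlist them rather than relaxing the check.
        if path and not base.startswith(p.comm):
            findings.append(("T1036", p.pid, f"{p.comm} is actually {path}"))
        if p.cpu_pct >= cpu_threshold:
            findings.append(("resource", p.pid, f"{p.comm} at {p.cpu_pct:.0f}% CPU (miner candidate)"))
    return findings


# Constructed sample snapshot for offline use; names and paths are invented, not real telemetry.
SAMPLE_LD_SO_PRELOAD = "/usr/local/lib/libhide.so\n"
SAMPLE_PROCS = [
    Proc(1, "systemd", "/usr/lib/systemd/systemd", 0.2),
    Proc(812, "sshd", "/usr/sbin/sshd", 0.0),
    Proc(2201, "python3", "/usr/bin/python3.11", 1.5),
    Proc(3340, "httpd", "/tmp/.cache/httpd (deleted)", 97.0, {"LD_PRELOAD": "/usr/local/lib/libhide.so"}),
    Proc(3355, "kworker/u8:2", "/dev/shm/.k", 40.0),   # a real kworker has no exe at all
]


def sample_findings():
    return triage(SAMPLE_PROCS, SAMPLE_LD_SO_PRELOAD)


if __name__ == "__main__":
    for technique, pid, detail in sample_findings():
        print(f"[{technique}] pid={pid} {detail}")
```

On a live host, replace the sample with `triage(collect_live(), read_ld_so_preload())` and feed `cpu_pct` from your own sampler (for example two reads of `/proc/<pid>/stat` a second apart). The checks are deliberately generic: a rootkit that hides processes from `/proc` will also hide them from this script, so treat a clean result as one data point and cross-check with an EDR agent or a view from outside the host, as the recommendations above suggest.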
Read full article: https://socradar.io/perfctl-campaign-exploits-millions-of-linux-servers-for-crypto-mining-and-proxyjacking/
Disclaimer: The above summary has been generated by an AI language model