VERDICT —UNRATED
Verdict pending. Auto-ingested incidents are reviewed before a public verdict is rendered.
▰ METHOD
Undisclosed
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Forensic narrative
Tencent Security Threat Intelligence Center has detected a large number of attacks originating from overseas IP and some domestic IP against domestic cloud server tenants. The attacker blasted into the server through SSH (port 22), and then executed malicious commands to download the Muhstik botnet Trojan. The botnet will control the compromised server to perform SSH lateral movement, download the Monero mining Trojan, and accept remote commands to launch DDoS attacks. Attack method (per SlowMist): Remote Intrusion. Reported loss: -.
Primary source
https://s.tencent.com/research/report/1078.html ↗Sourced from
slowmist
Technical record
- chain
- —
- protocol
- Domestic cloud server
- bug_class
- unknown
- date_occurred
- 2020-08-07
- loss_usd
- —
- source_id
- sm:domestic-cloud-server::2020-08-07
Related — same bug class