Analysis of Attacks That Install Scanners on Linux SSH Servers

AhnLab Security Emergency response Center (ASEC) analyzes attack campaigns against poorly managed Linux SSH servers and shares the results on the ASEC Blog. Before installing malware such as DDoS bot and CoinMiner, the threat actors need to obtain information on the attack target, that is the IP address and SSH account credentials. IP scanning is performed for this purpose to look for servers with the SSH service, or port 22 activated, after which a brute force or dictionary attack is …

address ahnlab analysis asec attack attacks blog bot campaigns center coinminer ddos emergency information install ip address linux malware malware analysis managed response results scanners security servers ssh ssh servers target threat threat actors