400,000 Linux Servers Hit by Ebury Botnet 




tldr - powered by Generative AI

The Ebury Linux botnet has been expanding over the past decade, infecting over 400,000 servers and targeting cryptocurrency wallets and credit card data for financial gain.
  • Ebury botnet has infected over 400,000 hosts since 2009, targeting servers of hosting providers for financial gain.
  • The operators use zero-day vulnerabilities to compromise servers, steal cryptocurrency wallets, and eavesdrop on network traffic for credit card data.
  • The malware is deployed with root privileges, using credential stuffing, hypervisor access, compromised hosting providers, and SSH adversary-in-the-middle techniques.
  • The botnet's operators have targeted Tor exit nodes, Bitcoin and Ethereum nodes, and other threat actors' infrastructure to steal data and perform web traffic redirection.