Chinese Hackers Attacking Linux Devices With New SSH Backdoor
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY :
The DaggerFly espionage group, a China-attributed actor, is targeting Linux devices with an SSH backdoor tracked as ELF/Sshdinjector.A!tr. The associated Lunar Peek campaign, active since mid-November 2024, primarily targets network appliances and IoT devices. The infection chain starts with a dropper that deploys malicious binaries, including a modified SSH library and trojanised versions of common system utilities. The core backdoor communicates with a remote C2 server, enabling system information gathering, data exfiltration, and arbitrary command execution. It uses a custom communication protocol with hardcoded identifiers and dispatches actions by specific command IDs. Users are advised to keep their antivirus definitions up to date to mitigate the threat.
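The summary describes a modified SSH library and trojanised utilities being dropped onto the host, so the first triage question a responder asks is: which shared objects is the running sshd actually loading, and does the package manager account for every one of them? The script below is an added example written for this page, not code from the OpenCTI record or from any published analysis of the backdoor. It parses the /proc/<pid>/maps format, collects the file-backed shared objects mapped into sshd, and flags any path that no installed package owns. The sample maps dump, the allowlist and the path /usr/local/lib/libexample.so are all constructed for offline use; on a real host the --live mode queries dpkg or rpm directly.

```python
"""Triage helper: list shared objects mapped into sshd that no package owns.

Added example, not from the OpenCTI page or the original report. The sample
maps text, the allowlist and the /usr/local/lib/libexample.so path below are
constructed so the script runs offline; --live inspects the real host.
"""
import re
import subprocess
import sys
from pathlib import Path

# One /proc/<pid>/maps line: address range, perms, offset, dev, inode, path.
_MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>\S{4})\s+"
    r"(?P<offset>[0-9a-f]+)\s+(?P<dev>\S+)\s+(?P<inode>\d+)\s*(?P<path>.*)$"
)
# libfoo.so, libfoo.so.6, libfoo.so.1.2.3
_SO_NAME = re.compile(r"\.so(\.\d+)*$")


def mapped_shared_objects(maps_text):
    """Return the distinct file-backed shared objects in a /proc/<pid>/maps dump."""
    found = []
    for line in maps_text.splitlines():
        m = _MAPS_LINE.match(line)
        if not m:
            continue
        path = m.group("path").strip()
        # Skip anonymous mappings and pseudo-files such as [heap] and [vdso].
        if not path.startswith("/"):
            continue
        # "(deleted)" means the on-disk file was replaced after sshd loaded it,
        # which is itself suspicious; keep the entry but normalise the name.
        path = path.replace(" (deleted)", "")
        if _SO_NAME.search(Path(path).name) and path not in found:
            found.append(path)
    return found


def unowned_objects(paths, package_owned):
    """Return mapped objects that are absent from the set of package-owned files."""
    return [p for p in paths if p not in package_owned]


def package_owned_files(paths):
    """Ask dpkg or rpm which of `paths` they own (live host only)."""
    owned = set()
    for p in paths:
        for cmd in (["dpkg", "-S", p], ["rpm", "-qf", p]):
            try:
                r = subprocess.run(cmd, capture_output=True, text=True, timeout=10)
            except FileNotFoundError:
                continue  # that package manager is not installed here
            if r.returncode == 0:
                owned.add(p)
                break
    return owned


def sshd_pids():
    """PIDs whose comm is sshd (live host only)."""
    pids = []
    for proc in Path("/proc").iterdir():
        if proc.name.isdigit():
            try:
                if (proc / "comm").read_text().strip() == "sshd":
                    pids.append(int(proc.name))
            except OSError:
                pass
    return pids


# Constructed sample: a legitimate sshd plus one library (libexample.so) that
# the host's packages do not account for and whose file was swapped after load.
SAMPLE_MAPS = """\
55d3c9a00000-55d3c9a10000 r--p 00000000 fd:01 1234 /usr/sbin/sshd
7f2b5c000000-7f2b5c020000 r--p 00000000 fd:01 2345 /usr/lib/x86_64-linux-gnu/libc.so.6
7f2b5c200000-7f2b5c210000 r-xp 00000000 fd:01 3456 /usr/lib/x86_64-linux-gnu/libcrypto.so.3
7f2b5c400000-7f2b5c404000 r-xp 00000000 fd:01 4567 /usr/local/lib/libexample.so (deleted)
7f2b5c600000-7f2b5c601000 rw-p 00000000 00:00 0 [heap]
7ffd1a000000-7ffd1a001000 r-xp 00000000 00:00 0 [vdso]
"""

# Constructed stand-in for what dpkg/rpm would report as package-owned.
SAMPLE_OWNED = {
    "/usr/lib/x86_64-linux-gnu/libc.so.6",
    "/usr/lib/x86_64-linux-gnu/libcrypto.so.3",
}

if __name__ == "__main__":
    if len(sys.argv) > 1 and sys.argv[1] == "--live":
        for pid in sshd_pids():
            objs = mapped_shared_objects(Path(f"/proc/{pid}/maps").read_text())
            for p in unowned_objects(objs, package_owned_files(objs)):
                print(f"sshd[{pid}] loaded unowned object: {p}")
    else:
        objs = mapped_shared_objects(SAMPLE_MAPS)
        print("unowned:", unowned_objects(objs, SAMPLE_OWNED))
```

Package ownership alone is not sufficient evidence of a clean host: a modified SSH library written over the package's own file keeps its package-owned path and passes this check. Pair it with an integrity pass such as `dpkg --verify` (or `debsums -c`) on Debian-family systems or `rpm -Va` on RPM-based ones, and treat any `(deleted)` object still mapped into sshd as a reason to capture memory before restarting the service.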
OPENCTI LABELS :
linux,c2 server,iot,ssh backdoor,network appliances,lunar peek campaign