The Linuxsys Cryptominer

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

A long-running cryptomining campaign exploiting multiple vulnerabilities has been active since 2021 and has used a consistent attack methodology throughout. The attacker compromises legitimate websites and uses them to stage and distribute malware, which keeps delivery stealthy and helps evade detection. The campaign exploits a range of vulnerabilities, including CVE-2021-41773, CVE-2024-0012, CVE-2024-9474, CVE-2024-36401, CVE-2023-22527, CVE-2023-34960, and CVE-2023-38646. After exploitation, the attacker runs a script that downloads configuration files and a coinminer (linuxsys) from the compromised hosts. The operation appears small in scale but has persisted for years, carefully targeting high-interaction systems while avoiding low-interaction honeypots. The attacker's success stems from these consistent techniques: n-day exploitation and staging content on compromised hosts.

OPENCTI LABELS:

cryptomining, xmrig, compromised websites, linuxsys
