Romanian threat actors are employing a new brute-forcer “Diicot brute” to crack the passwords on Linux-based machines and install cryptominer malware. According to Bitdefender researchers, the cryptojacking gang employs a unique SSH brute-forcer dubbed Diicot to crack weak passwords on Linux machines and install code of a miner XMRig, a legitimate open-source miner that’s been adapted for cryptojacking by numerous hackers. The researchers said they connected the cryptojacking gang to at least two DDoS botnets: a variant of the Linux-based DDoS DemonBot botnet called “Chernobyl” and a Perl IRC bot. The main motive of this campaign is to deploy Monero mining malware, also their toolset can be used to steal sensitive information from users and perform other nefarious actions. Cryptojacking is a slow and tedious way to generate illicit income, that’s why the actor is using botnet to infect as many devices as possible. “Owning multiple systems for mining is not cheap, so attackers try the next best thing: To remotely compromise devices and use them for mining instead,” according to the report published by Bitdefender researchers.Threat actors are targeting people with weak and default passwords that are easily broken through brute force. “People are the simple reason why brute-forcing SSH credentials still work,” researchers wrote.“Hackers going after weak SSH credentials is not uncommon. The tricky part is not necessarily brute-forcing passwords but rather doing it in such a manner that attackers can’t go undetected,” Bitdefender says. Another feature of the Diicot Brute force attack implied the capability of the tool to filter honeypots, as per threat actors’ declarations.The attackers started the campaign in January and have not yet moved to the worm phase, acc ..
Support the originator by clicking the read the rest link below.
