Comment on Thousands of Linux systems infected by stealthy malware since 2021

CyberSeeker@discuss.tchncs.de ⁨1⁩ ⁨month⁩ ago

Shouldn’t be this hard to find out the attack vector.

Buried deep, deep in their writeup:

RocketMQ servers

I’m sure if you’re running other insecure, public facing web servers with bad configs, the actor could exploit that too, but they didn’t provide any evidence of this happening in the wild (no threat group TTPs for initial access), so pure FUD to try to sell their security product.

Unfortunately, Ars mostly just restated verbatim what was provided by the security vendor Aqua Nautilus.

source
Sort:hotnewtop