Romain Dumont
Last known affiliation: ESET
Date: 2018-12-06
The Dark Side of the ForSSHe
Romain Dumont 🗣 | Hugo Porcher 🗣
Abstract
In February 2014, ESET researchers from Montreal published a report on a group that had compromised more than 40,000 Linux servers worldwide since 2011. ESET named this campaign Windigo. At the centre of this operation was Ebury, an OpenSSH backdoor that allowed the attackers to remotely take control of compromised servers and to steal login credentials (passwords, keys), which were then used to connect to other servers. This simple yet effective method allowed them to extend their network of compromised servers.