The Dark Side of the ForSSHe

Botconf 2018
2023-04-25 | 16:30 – 17:20

Romain Dumont 🗣 | Hugo Porcher 🗣

In February 2014, ESET researchers from Montreal published a report on a group who compromised more than 40,000 Linux servers worldwide since 2011. ESET named this campaign Windigo. At the centre of this operation, Ebury, an OpenSSH backdoor which allowed the attackers to remotely take control of compromised servers as well as stealing login credentials (passwords, keys) which were then used to connect to other servers. This simple yet effective method allowed them to extend their network of compromised servers.

Slides Icon

Scroll to Top