Cybersecurity researchers have identified a new botnet named SSHStalker, which leverages the Internet Relay Chat (IRC) protocol for command-and-control (C2) operations. This botnet targets Linux systems by exploiting legacy kernel vulnerabilities, combining stealth techniques such as log tampering and rootkit artifacts to maintain persistence and evade detection.

The SSHStalker operation highlights a trend of threat actors repurposing older exploits to compromise systems, emphasizing the importance of patching and monitoring for outdated software. Its use of IRC for C2 adds a layer of obscurity, making it harder to track and disrupt, while the inclusion of log cleaners and rootkits suggests a focus on long-term infiltration and data exfiltration.

Key Takeaways

  • SSHStalker botnet uses IRC for command-and-control, enhancing stealth and evasion.
  • Exploits legacy Linux kernel vulnerabilities to gain unauthorized access to systems.
  • Incorporates log tampering (utmp/wtmp/lastlog) and rootkit artifacts for persistence.
  • Highlights the risk of unpatched legacy software in cybersecurity defenses.
  • Demonstrates a blend of old and new techniques in modern botnet operations.
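
The utmp/wtmp tampering mentioned above is something a defender can check for directly, because wtmp is append-only and a log cleaner leaves structural traces (zeroed records, logouts with no matching login, timestamps that run backwards). The following Python is an added example written for this page; it is not code from the article, from The Hacker News, or from any tool attributed to the SSHStalker operators. It assumes the glibc x86_64 `struct utmp` layout (384 bytes, see utmp(5)), builds a small constructed wtmp file in memory, and reports the indicators found. lastlog uses a different record format and is not parsed here.

```python
import struct
from typing import List, Tuple

# Linux glibc x86_64 `struct utmp` (384 bytes). Field order follows utmp(5):
# ut_type, pad, ut_pid, ut_line[32], ut_id[4], ut_user[32], ut_host[256],
# ut_exit{e_termination,e_exit}, ut_session, ut_tv{tv_sec,tv_usec},
# ut_addr_v6[4], __unused[20]. Other ABIs differ; this is an assumption.
UTMP_FMT = "<hxxi32s4s32s256shhiii4i20x"
UTMP_SIZE = struct.calcsize(UTMP_FMT)  # 384

EMPTY, BOOT_TIME, USER_PROCESS, DEAD_PROCESS = 0, 2, 7, 8


def pack_record(ut_type: int, pid: int, line: str, user: str, host: str, tv_sec: int) -> bytes:
    """Build one utmp record (used here only to construct sample data)."""
    return struct.pack(UTMP_FMT, ut_type, pid, line.encode(), b"", user.encode(),
                       host.encode(), 0, 0, 0, tv_sec, 0, 0, 0, 0, 0)


def _cstr(raw: bytes) -> str:
    return raw.split(b"\0", 1)[0].decode(errors="replace")


def parse_wtmp(data: bytes) -> List[dict]:
    """Decode a wtmp/utmp byte string into a list of record dicts."""
    if len(data) % UTMP_SIZE:
        raise ValueError("truncated utmp file: %d trailing bytes" % (len(data) % UTMP_SIZE))
    records = []
    for off in range(0, len(data), UTMP_SIZE):
        chunk = data[off:off + UTMP_SIZE]
        f = struct.unpack(UTMP_FMT, chunk)
        records.append({
            "type": f[0], "pid": f[1], "line": _cstr(f[2]),
            "user": _cstr(f[4]), "host": _cstr(f[5]), "time": f[9],
            "raw_zero": chunk == b"\0" * UTMP_SIZE,
        })
    return records


def analyze_wtmp(data: bytes) -> List[Tuple[str, int]]:
    """Return (indicator, record_index) pairs for log-cleaner artifacts.

    wtmp is append-only, so an all-zero record, a timestamp earlier than the
    previous record, or a DEAD_PROCESS on a tty with no preceding USER_PROCESS
    each deserve a closer look. A reboot closes every open session.
    """
    findings: List[Tuple[str, int]] = []
    open_lines: set = set()
    last_time = 0
    for i, r in enumerate(parse_wtmp(data)):
        if r["raw_zero"]:
            findings.append(("zeroed_record", i))  # record overwritten in place
            continue
        if r["time"] < last_time:
            findings.append(("timestamp_regression", i))  # appended out of order
        last_time = max(last_time, r["time"])
        if r["type"] == BOOT_TIME:
            open_lines.clear()
        elif r["type"] == USER_PROCESS:
            open_lines.add(r["line"])
        elif r["type"] == DEAD_PROCESS:
            if r["line"] not in open_lines:
                findings.append(("orphan_logout", i))  # login record removed
            open_lines.discard(r["line"])
    return findings


def build_sample_wtmp() -> bytes:
    """Constructed sample: one clean session, one session whose login record
    was wiped with zeros, its now-orphaned logout, and an out-of-order record."""
    t = 1_700_000_000
    return b"".join([
        pack_record(BOOT_TIME, 0, "~", "reboot", "", t),
        pack_record(USER_PROCESS, 1001, "pts/0", "alice", "10.0.0.5", t + 60),
        pack_record(DEAD_PROCESS, 1001, "pts/0", "", "", t + 600),
        b"\0" * UTMP_SIZE,                                              # index 3
        pack_record(DEAD_PROCESS, 1002, "pts/1", "", "", t + 900),       # index 4
        pack_record(USER_PROCESS, 1003, "pts/2", "carol", "10.0.0.9", t + 300),  # index 5
    ])


if __name__ == "__main__":
    for indicator, idx in analyze_wtmp(build_sample_wtmp()):
        print(f"record {idx}: {indicator}")
```

On a live host the same function runs over the real file with `analyze_wtmp(open("/var/log/wtmp", "rb").read())`; the checks are heuristics, so correlate any hit with auditd, sshd journal entries or a remote syslog copy that the attacker could not edit in place.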

Source: The Hacker News