Bitdefender's cybersecurity threat research specialists have just uncovered a group of hackers attempting to compromise Linux servers with weak SSH credentials, with the aim of deploying malware that mines the cryptocurrency Monero. This group, capable of acting globally, probably operates from Romania, and its offerings also include distributed denial-of-service (DDoS) attacks.
According to Bitdefender, it is very common to encounter hackers who focus on finding weak SSH credentials. Default usernames and passwords, or weak credentials that hackers can easily overcome with brute-force techniques, are among the biggest security problems today. Apparently, the tricky part is not cracking those credentials, but doing it in a way that allows attackers to go undetected.
Despite attackers' efforts to stay hidden, Bitdefender's experts point out that the tools and methods used by each hacker can often be used to expose them. In the case of this group, for example, Bitdefender has detected that they use Discord channels instead of classic command-and-control (C2) servers.
In its research, Bitdefender explains the path its experts followed in discovering this group and how it manages to infect its victims.