SSH key-based attacks with rootkit

US-CERT is aware of active attacks against Linux-based computing infrastructures using compromised SSH keys. The attack appears to initially use stolen SSH keys to gain access to a system, and then uses local kernel exploits to gain root access. Once root access has been obtained, a rootkit known as "phalanx2" is installed. Read more at US-CERT.

No comments: