Tag Archives: Ebury

In its new research report, IT security manufacturer ESET has published a report that reveals the malicious activities of the hacker group “Ebury”. Its malware infected more than 400.000 Linux, FreeBSD and OpenBSD servers over the past 15 years.

In the past 18 months alone, 100.000 new victims have been added. In many cases, the Ebury operators were able to gain full access to large servers of Internet providers and well-known hosting providers. The activities of the Ebury group and its botnet over the years have included spreading spam, redirecting web traffic and stealing login credentials. In recent years, the hackers have also moved into credit card and cryptocurrency theft.

Ebury is versatile

Since at least 2009, Ebury has served as an OpenSSH backdoor and credential stealer….

A single hosting provider saw 70,000 servers infected with Ebury malware in 2023, according to a detailed report by cybersecurity provider Eset.

Ebury, active in various forms since 2009, is a backdoor inside the OpenSSH daemon. It acts as a way for attackers to install more malware.

The US-based autonomous system was used by several server leasing companies. And Eset warned in a whitepaper that the malware operators “have established a significant presence in data centers worldwide…”

Ebury, one of the most advanced server-side malware campaigns, has been active for 15 years but its use by threat actors is still growing, according to cybersecurity firm ESET.

A new report published on May 14 by ESET Research showed that operators of the Ebury malware and botnet were more active than ever in 2023.

Over the years, Ebury has been deployed as a backdoor to compromise almost 400,000 Linux, FreeBSD and OpenBSD servers. More than 100,000 were still compromised as of late 2023.

Long known to deploy spam, web traffic redirections and credential stealing, the Ebury group recently added credit card compromise and cryptocurrency theft in its techniques, tactics and procedures (TTPs).

What is the Ebury Botnet?

Ebury is a malicious group that has been active since…

Ebury, one of the most advanced server-side malware campaigns, has been active for 15 years but its use by threat actors is still growing, according to cybersecurity firm ESET.

A new report published on May 14 by ESET Research showed that operators of the Ebury malware and botnet were more active than ever in 2023.

Over the years, Ebury has been deployed as a backdoor to compromise almost 400,000 Linux, FreeBSD and OpenBSD servers. More than 100,000 were still compromised as of late 2023.

Long known to deploy spam, web traffic redirections and credential stealing, the Ebury group recently added credit card compromise and cryptocurrency theft in its techniques, tactics and procedures (TTPs).

What is the Ebury Botnet?

Ebury is a malicious group that has been active since…

• ESET Research has released its deep-dive investigation into one of the most advanced server-side malware campaigns, which is still growing – Ebury group with their malware and botnet.
• Over the years, Ebury has been deployed as a backdoor to compromise almost 400,000 Linux, FreeBSD, and OpenBSD servers; more than 100,000 were still compromised as of late 2023.
• Ebury actors have been pursuing monetization activities subsequent to our 2014 publication on Operation Windigo, including the spread of spam, web traffic redirections, and credential stealing.
• Additionally, ESET has confirmed that operators are also involved in cryptocurrency heists.
• In many cases, Ebury operators were able to gain full access to large servers of ISPs and well-known hosting providers.

BRATISLAVA, Slovakia,