A single hosting provider saw 70,000 servers infected with Ebury malware in 2023, according to a detailed report by cybersecurity provider Eset.
Ebury, active in various forms since 2009, is a backdoor inside the OpenSSH daemon. It acts as a way for attackers to install more malware.
The US-based autonomous system was used by several server leasing companies. And Eset warned in a whitepaper that the malware operators “have established a significant presence in data centers worldwide…”
AiTM attacks to get in DCs
Ebury’s operators have implemented “large scale Adversary in the Middle” (AiTM) attacks to establish their position…
Source link