- Researchers observe a cybercriminal abusing a flaw to access a cloud Linux server
- The hackers then went on to patch the flaw and close the door behind them
- There can be several reasons for an attacker to fix a vulnerability
A hacker was recently spotted patching a victim's vulnerable cloud Linux instance, but they didn't do it out of the goodness of their heart.
Security researchers at Red Canary observed a threat actor who abused a maximum-severity vulnerability, tracked as CVE-2023-46604, to break into a cloud-hosted Linux system.
The vulnerability is found in Apache ActiveMQ and grants, among other things, persistent access. After breaking in, the attackers patched the flaw, essentially locking the door behind them.
Drops
Red Canary notes that there are several reasons why a cybercriminal might fix a vulnerability after exploiting it, including locking out rival attackers and hiding their tracks.
The latter makes a lot of sense, especially given that cybercriminals often compete for control over the same compromised endpoints.
In addition to patching the flaw, the hackers did a number of other things, including installing the Sliver implant, which gave them persistent access to the system.
They also modified the existing sshd configuration file to enable root login, and after that installed a previously unknown downloader, which Red Canary named "DripDropper".
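A change to the sshd configuration of the kind described above is something a defender can check for mechanically. The following script is an added example and is not code from the article or from Red Canary: it parses the global section of an sshd_config, applies sshd's own rules (the first value for a keyword wins, and everything after a `Match` line is conditional), diffs it against a known-good baseline, and flags `PermitRootLogin yes`, password logins, and duplicated directives. The three configuration files are constructed samples, not taken from the reported intrusion.

```python
import re

# Constructed sample sshd_config files (not taken from the article).
BASELINE_SSHD_CONFIG = """\
# hardened baseline
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
Match User backup
    PermitRootLogin yes
"""

# Global policy edited in place: root login and password auth switched on.
TAMPERED_SSHD_CONFIG = """\
# hardened baseline
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication yes
Match User backup
    PermitRootLogin yes
"""

# A second PermitRootLogin appended below the original one. sshd keeps the
# FIRST value it reads, so this file still denies root login, but the
# duplicate shows the file was touched and is worth flagging.
APPENDED_SSHD_CONFIG = """\
# hardened baseline
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
PermitRootLogin yes
Match User backup
    PermitRootLogin yes
"""

# "Keyword value" or "Keyword=value"; sshd keywords are case-insensitive.
_DIRECTIVE = re.compile(r"^([A-Za-z][A-Za-z0-9]*)(?:\s+|\s*=\s*)(.+)$")


def parse_global_directives(text):
    """Parse the global (pre-'Match') section of an sshd_config.

    Returns (directives, duplicates): directives maps the lower-cased keyword
    to the value sshd will actually use; duplicates lists keywords that were
    set more than once. Two sshd rules are mirrored here: the first value for
    a keyword wins, and directives after a 'Match' line are conditional, so
    parsing stops there.
    """
    directives, duplicates = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # blank lines and comments
            continue
        m = _DIRECTIVE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key == "match":
            break
        if key in directives:
            duplicates.append(key)
        else:
            directives[key] = value
    return directives, duplicates


def effective_permit_root_login(text):
    """Effective global PermitRootLogin; when the directive is absent, the
    OpenSSH default is 'prohibit-password'."""
    directives, _ = parse_global_directives(text)
    return directives.get("permitrootlogin", "prohibit-password").lower()


def audit_sshd_config(baseline_text, current_text):
    """Diff a known-good baseline against the current file and return
    {'changed': {keyword: (old, new)}, 'findings': [str, ...]}."""
    base, _ = parse_global_directives(baseline_text)
    cur, dups = parse_global_directives(current_text)
    changed = {
        k: (base.get(k), cur.get(k))
        for k in sorted(set(base) | set(cur))
        if base.get(k) != cur.get(k)
    }
    findings = []
    if cur.get("permitrootlogin", "prohibit-password").lower() == "yes":
        findings.append("PermitRootLogin yes: root may log in over SSH")
    # The OpenSSH default for PasswordAuthentication is 'yes'.
    if cur.get("passwordauthentication", "yes").lower() == "yes":
        findings.append("PasswordAuthentication yes: password logins accepted")
    for k in dups:
        findings.append(
            f"{k} set more than once; sshd uses the first value ({cur[k]!r}), "
            "later lines are ignored but show the file was edited"
        )
    return {"changed": changed, "findings": findings}


if __name__ == "__main__":
    samples = [("tampered", TAMPERED_SSHD_CONFIG), ("appended", APPENDED_SSHD_CONFIG)]
    for name, cfg in samples:
        result = audit_sshd_config(BASELINE_SSHD_CONFIG, cfg)
        print(f"[{name}] effective PermitRootLogin: {effective_permit_root_login(cfg)}")
        for k, (old, new) in result["changed"].items():
            print(f"  changed {k}: {old!r} -> {new!r}")
        for finding in result["findings"]:
            print(f"  finding: {finding}")
```

On a real host the baseline would be the file as deployed by configuration management and the current text would be read from `/etc/ssh/sshd_config`; `Include` directives and `Match` blocks are deliberately not expanded here, so a full audit should also review any included files and the conditional sections.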
The downloader itself is fairly advanced, requiring a password to run, which hinders sandbox analysis.
It communicates with the threat actors via a Dropbox account using hard-coded bearer tokens, and since Dropbox and similar platforms (Telegram or Discord) are not malicious by nature, the traffic blends in and is harder to spot. Finally, DripDropper is probably used to deploy two separate pieces of malware.
Red Canary says vulnerable web servers are one of the most common initial access vectors to Linux systems.
“Given the prevalence of *NIX-based or Unix-like systems in modern infrastructure, especially in rapidly expanding cloud environments, it is important to ensure that they are protected,” the researchers said.
“This requires the development of specialized incident response strategies tailored to the complexities of both cloud architectures and Linux environments, and ensuring that defenders are equipped with effective, actionable guidance to protect these critical assets.”