CRYSTALRAY Hackers Infect Over 1,500 Victims Using Network Mapping Tool

July 15, 2024 at 07:09AM A threat actor, known as CRYSTALRAY, has expanded its operations and infected over 1,500 victims using open-source security tools. Their primary objectives include harvesting and selling credentials, deploying cryptocurrency miners, and maintaining persistence in victim environments. Various methods, including tool abuse and credential discovery, are employed, posing serious security risks. …

CRYSTALRAY hacker expands to 1,500 breached systems using SSH-Snake tool

July 11, 2024 at 11:10AM The new threat actor, CRYSTALRAY, has expanded its operations, targeting over 1,500 victims with stolen credentials and cryptominers. Utilizing SSH-Snake and various open-source tools, CRYSTALRAY aims to collect and sell credentials, deploy cryptominers, and maintain persistence in victim environments. It exploits vulnerabilities in various software and targets Atlassian Confluence products. …

‘CrystalRay’ Expands Arsenal, Hits 1,500 Targets with SSH-Snake and Open Source Tools

July 11, 2024 at 10:48AM CrystalRay, a threat actor, has expanded its operations since the February attacks. It utilizes SSH-Snake, an automated worm-like tool, for hacking purposes and has added mass scanning, open source software exploitation, and credential theft to its arsenal. Its use of open source and penetration testing tools enables it to maintain …

Researchers Uncover ‘LLMjacking’ Scheme Targeting Cloud-Hosted AI Models

May 10, 2024 at 04:03AM Cybersecurity researchers have uncovered a new attack, LLMjacking, targeting cloud-hosted large language model (LLM) services. Attackers use stolen cloud credentials to access LLMs, exploiting vulnerable systems like Laravel Framework and AWS. By querying logging settings, attackers aim to evade detection while racking up substantial costs for victims. Organizations are advised …

RubyCarp: Insights Into the Longevity of a Romanian Cybercriminal Gang

April 12, 2024 at 11:36AM The Sysdig Threat Research Team has discovered a longstanding Romanian cybercriminal group named RubyCarp, operating discreetly for at least a decade. The group’s distinct activities and tool suite have been unveiled, shedding light on its cryptomining and credential phishing focus. Despite its low profile, Sysdig has accessed the group, provoking …

RUBYCARP hackers linked to 10-year-old cryptomining botnet

April 9, 2024 at 11:37AM The RUBYCARP botnet, operated by a Romanian group, is exploiting vulnerabilities and conducting brute force attacks to compromise corporate networks for financial gain. Managed through private IRC channels, the botnet runs over 600 compromised servers, using Perl-based payloads for attacks with low detection rates. It has been active for over …

10-Year-Old ‘RUBYCARP’ Romanian Hacker Group Surfaces with Botnet

April 9, 2024 at 10:45AM RUBYCARP, a suspected Romanian threat group, has been running a botnet for over 10 years, using it for crypto mining, DDoS, and phishing. The group utilizes various public exploits and brute-force attacks, communicates through IRC networks, and employs a malware called ShellBot. Their activities include exploiting security flaws, creating a …

Cybercriminals Weaponizing Open-Source SSH-Snake Tool for Network Attacks

February 22, 2024 at 05:51AM SSH-Snake, a network mapping tool, has been repurposed by threat actors to conduct malicious activities. The self-replicating worm leverages SSH credentials to spread throughout the network and harvest credentials and IP addresses. It has been observed in real-world attacks, highlighting the importance of comprehensive security measures. Additionally, a new botnet …

New SSH-Snake malware steals SSH keys to spread across the network

February 21, 2024 at 03:32PM SSH-Snake, an open-source network mapping tool, is being used by a threat actor to stealthily search for private keys and move laterally through victim infrastructure. It was discovered by Sysdig’s Threat Research Team, who describe it as a self-modifying worm that avoids typical detection patterns, making it a more efficient …

What We Can Learn from Major Cloud Cyberattacks

November 9, 2023 at 05:26PM Notorious cloud hacks between 2020 and 2022 could have been prevented by faster detection and response, according to research by Mohamed Shaaban at Sysdig. The study examined six major cloud security incidents and found that attackers are becoming more advanced in their use of automated tools. Sysdig has proposed the …