Bleeping Computer

CRYSTALRAY hacker expands to 1,500 breached systems using SSH-Snake tool

A new threat actor known as CRYSTALRAY has significantly broadened its targeting scope with new tactics and exploits, now counting over 1,500 victims whose credentials were stolen and cryptominers ...
The Hacker News

Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline

Cato Networks tracked Poisson using OpenSSH and Tailscale to maintain access after Havoc C2 outage in a 33-day intrusion.

Velvet Ant Hid Inside Linux Login Stack Arabian Post

Velvet Ant Hid Inside Linux Login Stack Arabian Post. clearfix>A China-nexus hacking group maintained covert access to a segregated critical-infrastructure network for nearly a decade by tampering wit ...
The Hacker News

China-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decade

Sygnia says Velvet Ant modified Linux PAM and OpenSSH components to steal credentials and maintain stealthy access since 2016 ...
Bleeping Computer

Chinese cyberspies use new SSH backdoor in network device hacks

A Chinese hacking group is hijacking the SSH daemon on network appliances by injecting malware into the process for persistent access and covert operations. The newly identified attack suite has been ...