"Compromised Linux SSH Servers Engage in DDoS Attacks, Cryptomining"

Unidentified attackers are compromising poorly managed Linux SSH servers and instructing them to launch Distributed Denial-of-Service (DDoS) attacks while simultaneously mining cryptocurrency in the background. Tsunami, also known as Kaiten, is a DDoS bot often distributed in conjunction with Mirai and Gafgyt malware strains. The fact that Tsunami functions as an Internet Relay Chat (IRC) bot distinguishes it from other DDoS bots. It uses IRC to communicate with the threat actor. Since Tsunami's source code is publicly available, it is used by various threat actors. It is primarily used in attacks targeting Internet of Things (IoT) devices. Researchers from AhnLab's Security Emergency Response Center (ASEC) explained that it is also frequently used to target Linux servers. This article continues to discuss the targeting of poorly managed Linux SSH servers in DDoS and cryptomining attacks. 

Help Net Security reports "Compromised Linux SSH Servers Engage in DDoS Attacks, Cryptomining"