Long-running RUBYCARP botnet operation examined

BleepingComputer reports that Romanian threat operation RUBYCARP has been conducting intrusions that exploit known security flaws and use brute-force tactics for at least a decade, and that the group currently operates a botnet of more than 600 breached servers. After several months of targeting Laravel apps affected by the remote code execution flaw tracked as CVE-2021-3129, RUBYCARP has transitioned to brute-force attacks against SSH servers to distribute a shellbot payload that makes the server part of its botnet infrastructure, according to a report from the Sysdig Threat Research Team.

Source: SC Magazine

 

