Hackers Using Supershell Malware To Attack Linux SSH Servers

Researchers identified an attack campaign targeting poorly secured Linux SSH servers. The attackers install Supershell, a cross-platform reverse shell backdoor written in Go, which grants them remote control of compromised systems.

Following the initial infection, attackers are suspected to have deployed scanners to identify additional vulnerable targets and then likely launched dictionary attacks on these targets using credentials harvested from the compromised systems.

The data reveals a list of threat actor IP addresses and their corresponding root credentials, including common passwords like “root/password” and “root/123456789,” which are frequently exploited by attackers to gain unauthorized access to vulnerable systems.

The presence of these credentials on compromised devices indicates a significant security risk, as they can be used to execute malicious activities, steal sensitive information, and disrupt operations. Identifying and mitigating these vulnerabilities is crucial to protecting systems from potential threats.
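As an added example (not from the original article or the researchers), a defender can triage sshd authentication logs for the pattern described above: repeated password failures from one address, followed by an accepted password login. The log lines, the `triage` function and the threshold of 3 are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample sshd log lines (documentation-range IPs), not data from the report.
SAMPLE_LOG = """\
Sep 20 03:11:01 host sshd[1201]: Failed password for root from 203.0.113.7 port 40122 ssh2
Sep 20 03:11:03 host sshd[1203]: Failed password for root from 203.0.113.7 port 40130 ssh2
Sep 20 03:11:05 host sshd[1205]: Failed password for invalid user admin from 203.0.113.7 port 40144 ssh2
Sep 20 03:11:08 host sshd[1207]: Accepted password for root from 203.0.113.7 port 40150 ssh2
Sep 20 04:02:10 host sshd[1300]: Failed password for root from 198.51.100.9 port 51000 ssh2
Sep 20 04:02:12 host sshd[1302]: Failed password for root from 198.51.100.9 port 51002 ssh2
Sep 20 04:02:14 host sshd[1304]: Failed password for root from 198.51.100.9 port 51004 ssh2
Sep 20 09:30:00 host sshd[1400]: Accepted publickey for deploy from 192.0.2.15 port 60000 ssh2
"""

# Matches OpenSSH's "Failed/Accepted <method> for [invalid user ]<user> from <ip> port <n>" lines.
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>password|publickey) "
    r"for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def triage(log_text, threshold=3):
    """Map source IP -> 'guessing' or 'compromised:<user>' (threshold is an assumed value)."""
    failures = defaultdict(int)
    findings = {}
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        ip = m["ip"]
        if m["result"] == "Failed":
            failures[ip] += 1
            if failures[ip] >= threshold:
                # Enough failures to treat the source as a password-guessing client.
                findings.setdefault(ip, "guessing")
        elif m["method"] == "password" and failures[ip] >= threshold:
            # A password login succeeded right after a guessing run: treat the account as compromised.
            findings[ip] = f"compromised:{m['user']}"
    return findings

if __name__ == "__main__":
    for ip, verdict in triage(SAMPLE_LOG).items():
        print(ip, verdict)
```

A `compromised:root` verdict means the host should be rebuilt or investigated and the password rotated; disabling password authentication for root in sshd removes this attack path entirely.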

Source: GBHackers

 

