Ssh… Don’t Tell Them I Am Not HTTPS: How Attackers Use SSH.exe as a Backdoor Into Your Network
Summary
Attackers are leveraging SSH.exe, a legitimate Windows component, as a backdoor to gain unauthorized access to networks. This technique falls under the umbrella of Living Off the Land tactics, where threat actors misuse trusted system utilities (LOLBins) for malicious purposes.
IFF Assessment
FOE
The article describes a method used by attackers to create backdoors, which is detrimental to network defenders.
Defender Context
Defenders should be aware of how legitimate system binaries like SSH.exe can be abused by attackers. Monitoring for unusual network connections or process executions involving these binaries is crucial to detecting 'living off the land' attacks.