SSHStalker Botnet Uses IRC C2 to Control Linux Systems via Legacy Kernel Exploits
Summary
A new botnet called SSHStalker uses IRC for command and control (C2) of Linux systems. The botnet leverages legacy Linux kernel exploits and includes stealth tooling such as log cleaners and rootkits.
IFF Assessment
FOE
The emergence of a new botnet utilizing legacy exploits and stealth techniques poses a threat to Linux systems.
Severity
9.8 Critical (AI Estimated)
Defender Context
Defenders should monitor for IRC traffic indicative of SSHStalker C2 communication and patch systems vulnerable to legacy Linux kernel exploits. Regular vulnerability scanning and intrusion detection system tuning are crucial to identifying and mitigating SSHStalker infections. The botnet reflects an ongoing trend of botnets targeting older vulnerabilities.
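One way to approach the IRC monitoring described above, as an added example that is not part of the original summary: the page lists no SSHStalker-specific ports, nicknames or channels, so this check keys only on the standard IRC client registration (NICK plus USER, per RFC 1459/2812) appearing in outbound traffic on any port. The flow tuple layout, function names and sample records are assumptions constructed for illustration.

```python
import re

# IRC client message (RFC 1459/2812): optional ":prefix ", a command, then parameters.
IRC_LINE = re.compile(rb"^(?::\S+ )?([A-Za-z]+)(?: (.*))?$")

def irc_registration(payload: bytes):
    """Return {'nick', 'channels'} if the payload holds an IRC client
    registration (both NICK and USER seen), else None."""
    seen, nick, channels = set(), None, []
    # Bots do not always send CRLF, so accept bare LF as a line ending too.
    for raw in re.split(rb"\r?\n", payload[:4096]):
        m = IRC_LINE.match(raw.strip())
        if not m:
            continue
        cmd = m.group(1).upper()
        params = (m.group(2) or b"").decode("latin-1")
        seen.add(cmd)
        if cmd == b"NICK" and params:
            nick = params.split()[0].lstrip(":")
        elif cmd == b"JOIN" and params:
            channels += params.split()[0].split(",")
    # Requiring both commands avoids flagging text that merely contains "NICK".
    if {b"NICK", b"USER"} <= seen:
        return {"nick": nick, "channels": channels}
    return None

def flag_irc_clients(flows):
    """flows: iterable of (src, dst, dport, first_client_bytes) tuples (assumed format)."""
    hits = []
    for src, dst, dport, payload in flows:
        reg = irc_registration(payload)
        if reg:
            hits.append({"src": src, "dst": dst, "dport": dport, **reg})
    return hits

# Constructed sample flows: documentation addresses, invented nicks and channel.
SAMPLE_FLOWS = [
    ("10.0.5.21", "203.0.113.40", 6667, b"NICK lnx-a1b2\r\nUSER x 0 * :x\r\nJOIN #example\r\n"),
    ("10.0.5.21", "198.51.100.7", 443, b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"),
    ("10.0.5.30", "203.0.113.40", 8080, b"PASS s3cret\nNICK lnx-c3d4\nUSER y 0 * :y\n"),
    ("10.0.5.44", "192.0.2.10", 80, b"GET /user HTTP/1.1\r\nHost: example.test\r\n\r\n"),
]

if __name__ == "__main__":
    for hit in flag_irc_clients(SAMPLE_FLOWS):
        print(hit)
```

Matching on payload content rather than port 6667 catches IRC sessions moved to ports such as 8080, but it cannot see inside TLS-wrapped IRC, where destination and connection-pattern analysis is needed instead.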