Never-before-seen malware has infected hundreds of Linux and Windows devices. Small office routers? FreeBSD machines? Enterprise servers? Chaos infects them all.
by Dan Goodin
September 28, 2022
arstechnica
| Remark |
|---|
| SOHO |
| FreeBSD |
| Chaos malware |
| multiplatform malware |
| Linux |
| Windows |
| Black Lotus Labs |
| Lumen |
| named Chaos because “chaos” appears in function names, certificates, … |
| activity cluster |
| tracking malware campaigns with IP addresses |
| embedded devices |
| GitLab |
| ARM |
| i386 |
| MIPS |
| PowerPC |
| brute force |
| stolen SSH keys |
| Emotet |
| botnet |
| spam/phishing |
| CVE |
| CVE-2017-17215 |
| CVE-2022-30525 |
| Huawei |
| CVE-2022-1388 |
| load balancer |
| firewall |
| network inspection |
| F5 |
| SSH |
| lateral movement |
| malware capabilities |
| network enumeration |
| remote shells |
| cybercrime |
| DDoS |
| cryptocurrency mining |
| Kaiji botnet |
| telemetry |
| IP address |
| port |
| domain name |
| UDP |
| TCP |
| SYN |
| SYN flood |
| business verticals: gaming, finance, technology, media, entertainment, hosting |
| cryptocurrency exchange |
| EMEA |
| APAC |
| North America |
| Europe |
| volumetric DDoS |
| IP spoofing |
| CAPTCHA |
| CAPTCHA bypass |
| transport layer |
| IP stressor |
| booter |
| keep devices fully updated |
| use strong passwords |
| use multifactor authentication |
| use public key infrastructure |
| FIDO2 |