by tetris11
1083 days ago
My bet is Russia. I work in a German institution. I was recently hacked by such a botnet (lessons learned: use AuthorizedKeys, allow only one SSH user, proxy all HTTP connections to a webhoster, and check your SSH and UFW logs often!). It set up a virtual environment where it downloaded some kind of Tor node and ran some sort of code that used 100% of my CPU. My guess is crypto-mining. I purged the account, deleted everything before I could do forensics, but I checked the logs for the connections and they all came from Russia.