Cybersecurity researchers have identified a sophisticated attack campaign targeting poorly managed Linux servers through SSH brute force attacks to deploy the SVF Botnet, a Python-based DDoS malware. This botnet leverages Discord for command-and-control and employs multiple proxy servers to amplify its attack capabilities. The malware transforms compromised systems into DDoS weapons, capable of launching Layer 7 HTTP floods and Layer 4 UDP floods. This attack highlights the persistent threat to inadequately secured Linux infrastructure with weak authentication mechanisms. The infection mechanism involves automated deployment via a single command execution, establishing a Python virtual environment and downloading the malware payload.
Source: https://cybersecuritynews.com/threat-actors-attacking-linux-ssh-servers/
TPRM report: https://scoringcyber.rankiteo.com/company/linuxsecurity
"id": "lin945072325",
"linkid": "linuxsecurity",
"type": "Cyber Attack",
"date": "7/2025",
"severity": "100",
"impact": "",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'type': 'Organization'}],
 'attack_vector': 'SSH brute force attacks',
 'description': 'A sophisticated attack campaign targeting poorly managed '
                'Linux servers through SSH brute force attacks to deploy the '
                'SVF Botnet, a Python-based distributed denial-of-service '
                'malware.',
 'impact': {'systems_affected': 'Linux servers'},
 'initial_access_broker': {'entry_point': 'SSH brute force attacks'},
 'motivation': 'Entertainment purposes',
 'post_incident_analysis': {'root_causes': 'Weak SSH credentials'},
 'references': [{'source': 'ASEC'}],
 'threat_actor': 'SVF Team',
 'title': 'SVF Botnet Attack Campaign',
 'type': 'DDoS Attack',
 'vulnerability_exploited': 'Weak SSH credentials'}