
Hackers are attacking the Internet’s backbone, says Cisco

Brute force used to distribute denial-of-service malware.

By Jimmy Nicholls

Hackers are attacking the backbone of the Internet in an unconventional bid to spread malware and compromise people’s systems, according to the networking firm Cisco.

SSHPsychos, also known as Group 93, are said to be using mass login attempts to attack the Class C range of IP addresses, in what is known as a brute force attack.

The attempts are made over the Secure Shell (SSH) network protocol, which is used for accessing command lines remotely.

Cisco’s research group Talos claimed the hackers were attempting to guess the password of the root user, which has control over the whole system, more than 300,000 times, with the intention of spreading malware that can carry out denial-of-service attacks.

Researchers at Talos wrote on the firm’s blog: "This specific threat was known to the security community, but Cisco and Level 3 Communications agreed that it was time to step in and make it stop.

"Together we severely limited SSHPsychos' ability to communicate within Level 3 Communications' backbone, and hindered their ability to compromise systems and proliferate their malware."

The malware file was found to be downloaded from hardcoded IP addresses that resolved to a domain associated with a hosting company in the US.


However, once Talos and Level 3 Communications started to take action against the hackers, the group moved its attacks to a new network while continuing to serve the same malware.

"We encourage ISPs and network administrators to join our efforts to curb this specific group, by removing the routes for these networks in a controlled and responsible manner," Talos said.

"If we work together, we have the opportunity to eliminate a group that is making no effort to hide their malicious activity."
