
Hackers are attacking the Internet’s backbone, says Cisco

Brute force used to distribute denial-of-service malware.


Hackers are attacking the backbone of the Internet in an unconventional bid to spread malware and compromise people’s systems, according to the networking firm Cisco.

SSHPsychos, also known as Group 93, are said to be using mass login attempts to attack the Class C range of IP addresses, in what is known as a brute force attack.

The attempts are made over Secure Shell (SSH), the network protocol used for accessing command lines remotely.

Cisco’s research group Talos claimed the hackers made more than 300,000 attempts to guess the password of the root user, which has control over the whole system, with the intention of spreading malware that can carry out denial-of-service attacks.

Researchers at Talos wrote on the firm’s blog: "This specific threat was known to the security community, but Cisco and Level 3 Communications agreed that it was time to step in and make it stop.

"Together we severely limited SSHPsychos' ability to communicate within Level 3 Communications' backbone, and hindered their ability to compromise systems and proliferate their malware."

The malware file was found to be downloaded from hardcoded IP addresses that resolved to a domain associated with a hosting company in the US.

However, once Talos and Level 3 Communications started to take action against the hackers, the group moved its attacks to a new network while continuing to serve the same malware.

"We encourage ISPs and network administrators to join our efforts to curb this specific group, by removing the routes for these networks in a controlled and responsible manner," Talos said.

"If we work together, we have the opportunity to eliminate a group that is making no effort to hide their malicious activity."
