
Hackers use SSH-Snake to exploit vulnerabilities

Security researchers have discovered that a network mapping tool called SSH-Snake, which was recently made open-source, is being used by cybercriminals for malicious purposes. Created as a self-modifying worm, SSH-Snake is designed to leverage credentials found on a compromised system to spread itself across the network. The worm automatically searches through known credential locations and shell history files to determine its next move.

Originally released on GitHub in early January 2024, SSH-Snake is described by its developer as a “powerful tool” that can conduct automatic network traversal using SSH private keys that are discovered on systems. It creates a comprehensive map of the network and its dependencies, which can help determine the extent to which a network can be compromised using SSH and SSH private keys starting from a particular host. It also supports the resolution of domains that have multiple IPv4 addresses.

According to the project's description, SSH-Snake is completely self-replicating and fileless, making it a worm that replicates and spreads itself from one system to another. The shell script facilitates lateral movement and provides more stealth and flexibility than other typical worms.

Security firm Sysdig has observed threat actors deploying SSH-Snake in real-world attacks to harvest credentials, IP addresses, and bash command history; the observation followed its discovery of a command-and-control (C2) server hosting the data. Using SSH keys is a recommended practice, and SSH-Snake relies on those keys to spread, which makes it more intelligent and more reliable and allows threat actors to reach farther into a network once they gain a foothold.

The developer of SSH-Snake, Joshua Rogers, said that the tool offers legitimate system owners a way to identify weaknesses in their infrastructure before attackers do. He urged companies to use SSH-Snake to discover the attack paths that exist and fix them. Rogers also called attention to the negligent operations by companies that design and implement insecure infrastructure, which a simple shell script can quickly take over.
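As an added example (not code from SSH-Snake, Sysdig, or the original article), the sketch below audits a directory tree for SSH private keys that carry no passphrase or are readable by group/other, which are the keys a credential-reusing tool can use without further input. The function names `classify_key`, `audit` and `demo` are hypothetical, and the demo files are constructed header-only blobs, not real keys.

```python
import base64, os, re, struct, tempfile

MAGIC = b"openssh-key-v1\x00"  # start of the decoded OpenSSH private key format
PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]*PRIVATE KEY)-----(.*?)-----END \1-----", re.S)

def classify_key(data):
    """Return 'encrypted', 'unencrypted', or None when data holds no private key."""
    m = PEM_RE.search(data)
    if not m:
        return None
    label, body = m.groups()
    if label == b"ENCRYPTED PRIVATE KEY" or b"Proc-Type: 4,ENCRYPTED" in body:
        return "encrypted"  # PKCS#8 or legacy PEM protected by a passphrase
    if label != b"OPENSSH PRIVATE KEY":
        return "unencrypted"  # plain RSA/EC/DSA/PKCS#8 PEM
    try:
        blob = base64.b64decode(b"".join(body.split()))
    except ValueError:
        return None
    if not blob.startswith(MAGIC) or len(blob) < len(MAGIC) + 4:
        return None
    (n,) = struct.unpack_from(">I", blob, len(MAGIC))
    cipher = blob[len(MAGIC) + 4:len(MAGIC) + 4 + n]  # first field is the cipher name
    return "unencrypted" if cipher == b"none" else "encrypted"

def audit(root):
    """Return sorted (path, state, group_or_other_access) for each key file under root."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for path in (os.path.join(dirpath, f) for f in files):
            try:
                with open(path, "rb") as fh:
                    state = classify_key(fh.read(65536))  # key files are small
                if state:
                    findings.append((path, state, bool(os.stat(path).st_mode & 0o077)))
            except OSError:
                continue  # unreadable file: skip it
    return sorted(findings)

def demo():
    """Run audit() over two constructed, header-only files (no real key material)."""
    with tempfile.TemporaryDirectory() as d:
        for name, cipher, mode in (("id_a", b"none", 0o644), ("id_b", b"aes256-ctr", 0o600)):
            blob = MAGIC + struct.pack(">I", len(cipher)) + cipher + b"\x00" * 8
            pem = b"-----BEGIN OPENSSH PRIVATE KEY-----\n%s\n-----END OPENSSH PRIVATE KEY-----\n"
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(pem % base64.b64encode(blob))
            os.chmod(os.path.join(d, name), mode)
        return [(os.path.basename(p), s, loose) for p, s, loose in audit(d)]
```

Calling `audit()` on a home directory or a service account's directory lists each key with its state; entries marked `unencrypted` or with loose permissions are the ones to rotate, passphrase-protect, or restrict first.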

In conclusion, the usage of SSH-Snake by cybercriminals is a significant threat to network security. Companies and system owners must proactively identify and fix vulnerabilities in their infrastructure before attackers exploit them.

Want to read more? Check out the original article available at The Hacker News!
