Cisco and service provider Level 3 have teamed up to take down netblocks linked to brute-force hacking kingpins SSHPsychos, severely degrading (but not destroying) the group's ability to compromise servers in the process.
Hacker collective SSHPsychos (AKA Group 93) has been running SSH brute-force attacks on an industrial scale since June 2014. Its activities dwarf the combined SSH login-attempt traffic from the rest of the internet.
SSH (Secure Shell) is the industry-standard remote administration protocol. The whole campaign is designed to plant a DDoS rootkit on compromised Linux servers.
SSHPsychos has built a powerful attack platform by automating repeated password-guessing attempts against internet-facing SSH servers; a correct guess lets the group commandeer other people's servers for its own ends.
As a result of the takedown, SSHPsychos' netblocks can no longer communicate across Level 3 Communications' backbone, hindering the group's ability to compromise systems and spread its malware.
Cisco is encouraging other ISPs and sysadmins to fight the group on a second front by dropping the remaining routes to the netblocks SSHPsychos has been abusing.
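The two halves of the story above, the automated password guessing and the advice to cut off routes to the abusive netblocks, come together on a defender's own box as log triage. The following is an added example written for this page, not code from Cisco, Level 3 or Talos: it parses a constructed set of OpenSSH syslog lines (the IPs are documentation ranges, not SSHPsychos addresses), flags single sources that exceed a failure threshold inside a sliding window, groups the failing sources by /24 to spot a distributed campaign from one netblock, and renders the null-route commands a sysadmin would then review. The threshold, window and minimum-host values are illustrative choices, not figures from the article.

```python
"""Triage sshd brute-force noise: per-host rate check, per-netblock aggregation, null routes."""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_network

# Constructed sample log (documentation IP ranges); not captured SSHPsychos traffic.
SAMPLE_LOG = """\
Apr  9 10:00:01 host sshd[1001]: Failed password for root from 203.0.113.10 port 40001 ssh2
Apr  9 10:00:02 host sshd[1002]: Failed password for root from 203.0.113.10 port 40002 ssh2
Apr  9 10:00:02 host sshd[1003]: Failed password for root from 203.0.113.11 port 40003 ssh2
Apr  9 10:00:03 host sshd[1004]: Failed password for invalid user admin from 203.0.113.12 port 40004 ssh2
Apr  9 10:00:03 host sshd[1005]: Failed password for root from 203.0.113.10 port 40005 ssh2
Apr  9 10:00:04 host sshd[1006]: Failed password for root from 203.0.113.11 port 40006 ssh2
Apr  9 10:00:04 host sshd[1007]: Failed password for root from 203.0.113.13 port 40007 ssh2
Apr  9 10:00:05 host sshd[1008]: Accepted publickey for alice from 198.51.100.7 port 50000 ssh2: ED25519 SHA256:abc
Apr  9 10:00:06 host sshd[1009]: Failed password for root from 203.0.113.10 port 40008 ssh2
Apr  9 10:00:07 host sshd[1010]: Failed password for root from 203.0.113.10 port 40009 ssh2
Apr  9 10:00:08 host sshd[1011]: Failed password for bob from 198.51.100.9 port 50001 ssh2
Apr  9 10:05:00 host sshd[1012]: Failed password for root from 192.0.2.5 port 40010 ssh2
Apr  9 10:05:00 host sshd[1013]: Failed password for root from 192.0.2.5 port 40010 ssh2
"""

# Matches OpenSSH's "Failed password" line, with or without the "invalid user" prefix.
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_failures(log_text):
    """Return (timestamp, user, source_ip) for every failed-password line.
    Accepted logins and unrelated lines are skipped."""
    failures = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year; only deltas matter here.
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
        failures.append((ts, m.group("user"), m.group("ip")))
    return failures


def brute_force_sources(failures, threshold=5, window=timedelta(seconds=60)):
    """Flag source IPs with >= threshold failures inside any sliding window.
    Returns {ip: peak_failures_in_window}. Threshold and window are illustrative."""
    by_ip = defaultdict(list)
    for ts, _user, ip in failures:
        by_ip[ip].append(ts)
    flagged = {}
    for ip, stamps in by_ip.items():
        stamps.sort()
        peak, start = 0, 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # slide the window's left edge forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged


def abusive_netblocks(failures, prefix=24, min_hosts=3):
    """Group failing sources by /prefix and return networks with >= min_hosts distinct
    hosts: a campaign spread across one netblock rather than a single noisy host."""
    hosts_by_net = defaultdict(set)
    for _ts, _user, ip in failures:
        hosts_by_net[ip_network(f"{ip}/{prefix}", strict=False)].add(ip)
    return {net for net, hosts in hosts_by_net.items() if len(hosts) >= min_hosts}


def blackhole_commands(networks):
    """Render Linux null-route commands for flagged netblocks (hypothetical remediation;
    hand these to a change process, do not pipe them straight into a root shell)."""
    return [f"ip route add blackhole {net}" for net in sorted(networks)]


if __name__ == "__main__":
    fails = parse_failures(SAMPLE_LOG)
    print("noisy hosts:", brute_force_sources(fails))
    print("\n".join(blackhole_commands(abusive_netblocks(fails))))
```

On the sample, one host trips the per-IP threshold while the /24 check catches four different sources from the same block, which is exactly the case a per-host tool like fail2ban misses and the reason the takedown targeted netblocks rather than individual addresses.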
More detail on the takedown can be found in a blog post by the Cisco Talos Security Intelligence and Research Group.
This week's op follows hot on the heels of a takedown operation against a different group of cybercrooks linked to the Beebone botnet, which infected Windows PCs. ®