From Microtik with Love, (Wed, Jun 13th)


#1

We’ve found interesting new traffic within our Honeytrap agents, originating from servers within Russia only (to be specific, the netblock owned by NKS / NCNET Broadband). The username and password combination being used is root / root, and they are executing all of the following ssh commands:

Article Link: https://isc.sans.edu/diary/rss/23762