G0124 Windigo

Description

The [Windigo](https://attack.mitre.org/groups/G0124) group has been operating since at least 2011, compromising thousands of Linux and Unix servers using the [Ebury](https://attack.mitre.org/software/S0377) SSH backdoor to create a spam botnet. Despite law enforcement intervention against the creators, [Windigo](https://attack.mitre.org/groups/G0124) operators continued updating [Ebury](https://attack.mitre.org/software/S0377) through 2019. (Citation: ESET Windigo Mar 2014) (Citation: CERN Windigo June 2019)

References

  1. https://attack.mitre.org/groups/G0124
  2. https://www.welivesecurity.com/2014/03/18/operation-windigo-the-vivisection-of-a-large-linux-server-side-credential-stealing-malware-campaign/
  3. https://security.web.cern.ch/advisories/windigo/windigo.shtml

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. Software: Ebury
  2. Group: UNC2452
  3. Group: WIRTE
  4. Group: Evilnum
  5. Group: BackdoorDiplomacy
  6. Group: Windshift

Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.