Security News > 2024 > May > Ebury botnet compromises 400,000+ Linux servers
In many cases, Ebury operators could gain full access to large servers of ISPs and well-known hosting providers.
"We have documented cases where the infrastructure of hosting providers was compromised by Ebury. In these cases, we have seen Ebury being deployed on servers rented out by those providers, with no warning to the lessees. This resulted in cases where the Ebury actors were able to compromise thousands of servers at once," says Marc-Etienne M. Léveillé, the ESET researcher who investigated Ebury for more than a decade.
There is no geographical boundary to Ebury; there are servers compromised with Ebury in almost all countries in the world.
In another incident, a total of 70,000 servers from that hosting provider were compromised by Ebury in 2023.
Kernel.org, hosting the source code of the Linux kernel, had been a victim of Ebury too.
"Ebury poses a serious threat and a challenge to the Linux security community. There is no simple fix that would make Ebury ineffective, but a handful of mitigations can be applied to minimize its spread and impact. One thing to realize is that it doesn't only happen to organizations or individuals that care less about security. A lot of very tech-savvy individuals and large organizations are among the list of victims," concludes Léveillé.