
OrBit Rootkit Exploits Linux Systems to Steal Credentials

Severity: High (Score: 66.5)

Sources: Gbhackers, Cybersecuritynews

Summary

The OrBit rootkit has been targeting Linux systems for several years, specifically harvesting SSH and sudo credentials. Initially thought to be a custom threat, it has been identified as a modified version of a publicly available rootkit. Research indicates that OrBit has evolved significantly since it was first analyzed in 2022. The rootkit operates stealthily, evading detection by most security tools, and has been spreading globally. Affected systems include various Linux distributions, with the attack vector primarily being the hijacking of userland processes. The current status shows that OrBit remains active in the wild, posing a significant risk to Linux environments. Security professionals are urged to enhance their defenses against this ongoing threat.

Key Points:

  • OrBit rootkit targets Linux systems to steal SSH and sudo credentials.
  • Initially believed to be custom-built, it is a modified version of a public rootkit.
  • The threat has been active for years and continues to evolve without detection.
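The summary says the rootkit works by hijacking userland processes. One common way user-space code is hijacked on Linux is loader-driven library preloading: a shared object listed in /etc/ld.so.preload or in a process's LD_PRELOAD environment variable is mapped before libc, so its exported functions shadow the ones that programs such as sshd or sudo call. The check below is an added defender-side example, not code from the page or from any OrBit analysis; it parses both sources of preload entries and reports every library not on a site allowlist. The allowlist, the sample preload text and the sample /proc environ blobs are constructed for illustration, and `scan_live()` is an assumed helper that applies the same logic to the real host.

```python
"""Report user-space library preloading (a generic Linux userland hijack
mechanism).  Added example, not from the page or the OrBit research it cites.
All sample data below is constructed."""
import glob

# Libraries this host is allowed to preload (assumption: site-specific, empty here).
DEFAULT_ALLOWLIST = frozenset()


def parse_preload(text):
    """Return the library paths listed in /etc/ld.so.preload-style text.
    Entries are whitespace-separated; '#' starts a comment."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0]
        entries.extend(line.split())
    return entries


def parse_environ(environ_bytes):
    """Return the LD_PRELOAD value from a /proc/<pid>/environ blob
    (NUL-separated KEY=VALUE pairs), or None when it is not set."""
    for item in environ_bytes.split(b"\0"):
        if item.startswith(b"LD_PRELOAD="):
            return item[len(b"LD_PRELOAD="):].decode(errors="replace")
    return None


def split_ld_preload(value):
    """LD_PRELOAD entries may be separated by ':' or whitespace."""
    return value.replace(":", " ").split()


def assess(preload_file_text, process_environs, allowlist=DEFAULT_ALLOWLIST):
    """Return (where, library) findings for every preloaded library that is
    not on the allowlist.  process_environs maps pid -> raw environ bytes."""
    findings = []
    for lib in parse_preload(preload_file_text):
        if lib not in allowlist:
            findings.append(("/etc/ld.so.preload", lib))
    for pid, env in process_environs.items():
        value = parse_environ(env)
        if value is None:
            continue
        for lib in split_ld_preload(value):
            if lib not in allowlist:
                findings.append((f"pid {pid} LD_PRELOAD", lib))
    return findings


def scan_live(allowlist=DEFAULT_ALLOWLIST):
    """Assumed helper: run assess() against the real host.  Reading another
    user's /proc/<pid>/environ requires root; unreadable entries are skipped."""
    try:
        with open("/etc/ld.so.preload") as fh:
            text = fh.read()
    except OSError:
        text = ""
    environs = {}
    for path in glob.glob("/proc/[0-9]*/environ"):
        pid = int(path.split("/")[2])
        try:
            with open(path, "rb") as fh:
                environs[pid] = fh.read()
        except OSError:
            continue
    return assess(text, environs, allowlist)


# Constructed sample inputs: one file entry and one process with LD_PRELOAD set.
SAMPLE_PRELOAD = "# constructed sample file\n/usr/lib/libexample-hook.so\n"
SAMPLE_ENVIRONS = {
    4242: b"PATH=/usr/bin\0LD_PRELOAD=/tmp/.x/libhook.so\0HOME=/root\0",
    4243: b"PATH=/usr/bin\0HOME=/home/user\0",
}

if __name__ == "__main__":
    for where, lib in assess(SAMPLE_PRELOAD, SAMPLE_ENVIRONS):
        print(f"[!] preload entry outside allowlist: {lib} ({where})")
```

A hit is not proof of compromise (debugging and profiling tools use preloading legitimately), which is why the allowlist exists; the value of the check is that an unexpected entry in either location is cheap to spot and pairs well with verifying the listed library's package ownership and hash afterwards.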

Key Entities

  • Malware (attack_type)
  • OrBit (malware)
  • T1003 - OS Credential Dumping (mitre_attack)
  • Linux (platform)
