Cybercriminals Weaponizing Open-Source SSH-Snake Tool for Network Attacks
Feb 22, 2024
Network Security / Penetration Testing
A recently open-sourced network mapping tool called SSH-Snake has been repurposed by threat actors to conduct malicious activities. "SSH-Snake is a self-modifying worm that leverages SSH credentials discovered on a compromised system to start spreading itself throughout the network," Sysdig researcher Miguel Hernández said . "The worm automatically searches through known credential locations and shell history files to determine its next move." SSH-Snake was first released on GitHub in early January 2024, and is described by its developer as a "powerful tool" to carry out automatic network traversal using SSH private keys discovered on systems. In doing so, it creates a comprehensive map of a network and its dependencies, helping determine the extent to which a network can be compromised using SSH and SSH private keys starting from a particular host. It also supports resolution of domains which have multiple IPv4 addresses. "It's comp...