Operation Windigo

GPTKB entity

Statements (23)
Predicate Object
gptkbp:instanceOf cyberattack campaign
gptkbp:affects web servers; SSH credentials
gptkbp:alias gptkb:Windigo
gptkbp:dataCompromised over 25,000 servers
gptkbp:discoveredBy gptkb:ESET
gptkbp:discoveredIn 2014
gptkbp:documentedIn ESET whitepaper
gptkbp:exploits Linux, FreeBSD, OpenBSD systems
https://www.w3.org/2000/01/rdf-schema#label Operation Windigo
gptkbp:notableFor long-term persistence; multi-stage infection chain
gptkbp:purpose credential theft; spam distribution; web traffic redirection
gptkbp:sentBy over 35 million spam messages per day
gptkbp:target Linux servers
gptkbp:usesMalware gptkb:Calfbot; gptkb:Cdorked; gptkb:Ebury; Linux/Onimiki
gptkbp:bfsParent gptkb:FireEye
gptkbp:bfsLayer 6