
Meet Panchan, a new peer-to-peer botnet and SSH worm

Updated: Jun 22, 2022

Discovered in March 2022 by Akamai, the threat actor, believed to be Japanese, has been targeting institutions across Asia and the Middle East.

Illustration. BIGSTOCK/Copyright: luckybusiness

Security researchers at the Israeli center of Akamai Technologies discovered Panchan, a new peer-to-peer botnet and SSH worm that targets Linux computers.

According to the company’s report, the malware is written in Golang, and utilizes its built-in concurrency features to maximize spreadability and execute malware modules. It was discovered in March 2022.

“In addition to the “basic” SSH dictionary attack that is commonplace in most worms, this malware also harvests SSH keys to perform lateral movement,” says the report.

With the exception of virtual servers registered under cloud or private computing companies, the most common victim is academia. Akamai’s researchers “assume collaborations among different academic institutes might cause SSH keys to be shared across networks, which may explain why this vertical tops the list.”

Based on the malware’s activity and victim geolocation, the admin panel language, and the activity of the threat actor’s Discord user, the researchers believe the threat actor is Japanese. Most targeted organizations are in Asia, the UAE and Saudi Arabia, while a smaller number are located in the US and across Europe.

“To avoid detection and reduce traceability, the malware drops its cryptominers as memory-mapped files, without any disk presence,” says the report. “It also kills the cryptominer processes if it detects any process monitoring.”
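For defenders, a process whose executable has no file on disk is something that can be checked for directly. The following is an added example, not code from Akamai's report or from this article: it assumes a Linux host where such executables appear in /proc/<pid>/exe with a "/memfd:" prefix or a " (deleted)" suffix, and the sample entries are constructed for illustration.

```python
import os

# Markers Linux puts in /proc/<pid>/exe when the binary has no on-disk backing.
MEMFD_PREFIX = "/memfd:"
DELETED_SUFFIX = " (deleted)"


def classify_exe(target):
    """Return a reason if the exe link target has no disk presence, else None."""
    if target.startswith(MEMFD_PREFIX):
        return "memfd-backed executable"
    if target.endswith(DELETED_SUFFIX):
        return "executable deleted from disk"
    return None


def scan_links(links):
    """links: iterable of (pid, exe_target). Returns [(pid, target, reason)]."""
    findings = []
    for pid, target in links:
        reason = classify_exe(target)
        if reason:
            findings.append((pid, target, reason))
    return findings


def read_proc_links(proc_root="/proc"):
    """Yield (pid, exe_target) for every process we are allowed to inspect."""
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            yield int(entry), os.readlink(os.path.join(proc_root, entry, "exe"))
        except OSError:
            # Kernel threads have no exe link; other users' processes need root.
            continue


# Constructed sample data (not taken from the report) so the logic runs offline.
SAMPLE_LINKS = [
    (1, "/usr/lib/systemd/systemd"),
    (812, "/usr/sbin/sshd"),
    (4021, "/memfd:sample (deleted)"),
    (4077, "/tmp/.cache/worker (deleted)"),
]

if __name__ == "__main__":
    source = read_proc_links() if os.path.isdir("/proc") else SAMPLE_LINKS
    for pid, target, reason in scan_links(source):
        print(f"pid={pid} exe={target!r} reason={reason}")
```

A " (deleted)" hit also appears for legitimate services still running after a package upgrade replaced their binary, so findings need triage against recent updates before being treated as malicious.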

Akamai Technologies is a global leader in content delivery, cybersecurity and cloud services, and operates in about 100 countries worldwide. In late 2021, Akamai acquired Israeli cybersecurity company Guardicore to extend its zero trust solutions and help battle ransomware. The company employs approximately 400 staffers in its Israel offices.
