If you're involved with IT Security at any level and if your network includes Linux servers, keep a watchful eye out for the new Panchan botnet.
It first appeared in the wilds on March of this year (2022) and its main focus seems to be targeting Linux servers in the education sector and enslaving them to mine for cryptocurrency.
Panchan has several wormlike features that allow it to replicate quickly and spread laterally once it gets inside a network. Additionally, the hackers behind the botnet have given it a raft of detection avoidance capabilities. That includes the fact that it uses memory-mapped miners and dynamic detection capabilities that allows it to stop all mining operations automatically if it detects that anomalous activities are being scanned for.
Panchan was written in Golang, which is both versatile and powerful. Once it infects a target network, it creates a hidden folder inside itself under the name "xinetd."
Once that's done, it initiates an HTTPS POST operation to allow it to communicate with Discord, which is likely how the hackers monitor their new victim.
In terms of communicating back to its command-and-control server, Panchan utilizes port 1919 and note that these communications are not encrypted.
Researchers at Akamai first discovered this new threat and have mapped out its spread to this point. They have discovered 209 compromised systems with more than 40 currently active infections. The USA seems to be the botnet's primary target with China as a distant second. Russia, Japan, India, and Brazil account for most of the rest.
Although the education sector seems to be the group's primary focus for now, anyone running a Linux server should consider themselves at risk. While this botnet isn't as damaging as some, it is nonetheless a threat to be avoided.
________________________________________________________________________________________________________
"Fortune Favors Who Value Time over Money!"
"TeQ I.Q. was the 1st IT Company to Deliver Cloud Solutions since 2003"
Tech issues taking up your Time?
"TeQ I.Q. Makes Your Technology Simple and Easy"
Do you have Tech Frustrations like your Computer, Internet, Phone, Cellphone, Camera, TV, Car?
"We Take Away Your Tech Frustrations and Give You the Free Time You Deserve!"
Call Robert to ask all your Technology questions.
We are giving a Free in Person TeQ Seminar at our office in La Mesa every Wednesday from 12pm-1pm and a Free TeQ Support Q&A from 1pm-2pm. Go to https://www.teqiq.com/events for our upcoming Events and https://www.teqiq.com/seminars for info on each Seminar.
For Free Consultation Call Now Robert Black at (619) 255-4180 or visit our website https://www.teqiq.com/
Chase Bank and Others Trust TeQ I.Q. with their IT and TeQnology so can you!
