In February, the “CrystalRay” threat actor conducted a wave of attacks using the SSH-Snake penetration testing tool. Now, the group has greatly increased the scale of its operation, attacking thousands of victims. Researcher Joshua Rogers originally discovered SSH-Snake, which harvests SSH keys and uses them for automatic network traversal. SSH-Snake was intended to be used for hacking; however, it is now being used for malicious purposes. The tool is self-replicating, self-propagating, and fileless. CrystalRay uses SSH-Snake to steal credentials, which the group then sells for profits of thousands of dollars. The group is also able to extract files of interest from victims’ machines. This threat actor demonstrates the ease with which one can gain access to victim networks using open-source and penetration testing tools.