Thursday November 21, 2024

A threat actor is using an open-source network-mapping tool named SSH-Snake to search for private keys undetected and move laterally across the victim's infrastructure.

SSH-Snake was discovered by the Sysdig Threat Research Team (TRT), who describe it as a "self-modifying worm" that stands out from traditional SSH worms by avoiding the patterns typically associated with scripted attacks.

The worm searches for private keys in various locations, including shell history files, and uses them to stealthily spread to new systems after mapping the network.