CRYSTALRAY, massive expansion and sophisticated cyberattack techniques

Type of event:
Cyber-security

Victims

Wounded

Date

July 15, 2024

What happened

The Sysdig Threat Research Team (TRT) reported that the threat group previously known as SSH-Snake, now tracked as CRYSTALRAY, has greatly expanded its operations, affecting over 1,500 victims. Using open source security tools, CRYSTALRAY scans for vulnerabilities, deploys backdoors and maintains access to compromised systems. The attacks leverage the open source SSH-Snake software and target Confluence vulnerabilities, spreading laterally through stolen SSH credentials. The group's objectives include collecting and selling credentials, deploying cryptominers, and maintaining persistent access to systems. It uses tools such as nmap, ASN and nuclei for targeted scanning and vulnerability exploitation. In addition, CRYSTALRAY uses the Platypus dashboard to manage reverse shell sessions and earns about $200 a month from crypto-mining, eliminating competing actors from the systems it compromises.

Where it happened

Main sources