from Hacker News

Kernel.org servers infected with backdoors for two years from 2009

by yau8edq12i on 5/16/24, 5:32 AM with 11 comments

• by skilled on 5/16/24, 7:44 AM

  The title is quite clickbaity I think, because of this:

  > Occurred no later than August 12, 2011, and wasn't detected for another 17 days

  which also had a discussion on HN in 2013:

  Who rooted kernel.org servers two years ago? (https://news.ycombinator.com/item?id=6438326) - Sep 2013 (45 comments)

  The article from ESET is here,

  Ebury is alive but unseen: 400k Linux servers compromised for cryptocurrency theft and financial gain (https://www.welivesecurity.com/en/eset-research/ebury-alive-...) - May 2024

  but the article itself only serves as an introduction to the PDF:

  https://web-assets.esetstatic.com/wls/en/papers/white-papers...

• by sixhobbits on 5/16/24, 11:21 AM

  > Maintainers reneged on a promise[0] to provide an autopsy of the hack, a decision that has limited the public’s understanding of the incident.

  [0] https://arstechnica.com/information-technology/2013/09/who-r...

  This bit makes it sound like 3 letter agencies were involved?