Brute force used to distribute denial-of-service malware.
Hackers are attacking the backbone of the Internet in an unconventional bid to spread malware and compromise people’s systems, according to the networking firm Cisco.
SSHPsychos, also known as Group 93, are said to be using mass login attempts to attack the Class C range of IP addresses, in what is known as a brute force attack.
The attacks are carried out over Secure Shell (SSH), the network protocol used for accessing command lines remotely.
Cisco’s research group Talos claimed the hackers made more than 300,000 attempts to guess the password of the root user, which has control over the whole system, with the intention of spreading malware that can carry out denial-of-service attacks.
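A defender-side check for the pattern described above, as an added example that is not from Cisco, Talos or the original article: it counts failed root password attempts in OpenSSH log lines and groups the sources by network block. The sample log lines, the threshold of 5 and the /24 grouping are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# OpenSSH's standard "Failed password" log message.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def root_failures_by_block(lines, prefix=24):
    """Count failed root password attempts per source network block."""
    counts = Counter()
    for line in lines:
        m = FAILED.search(line)
        if not m or m.group("user") != "root":
            continue  # successful logins and other accounts are out of scope
        try:
            net = ipaddress.ip_network(f"{m.group('ip')}/{prefix}", strict=False)
        except ValueError:
            continue  # malformed address in the log line
        counts[str(net)] += 1
    return counts

def flag_blocks(lines, threshold=5, prefix=24):
    """Return blocks whose failed root attempts reach the (assumed) threshold."""
    counts = root_failures_by_block(lines, prefix)
    return sorted(block for block, n in counts.items() if n >= threshold)

# Constructed sample log: documentation address ranges, not real indicators.
SAMPLE_LOG = [
    f"May  1 03:12:{i:02d} gw sshd[{4000 + i}]: Failed password for root "
    f"from 192.0.2.{10 + i} port {50000 + i} ssh2"
    for i in range(6)
] + [
    "May  1 03:13:01 gw sshd[4100]: Failed password for root from 198.51.100.7 port 40022 ssh2",
    "May  1 03:13:05 gw sshd[4101]: Failed password for invalid user admin from 203.0.113.5 port 40100 ssh2",
    "May  1 03:14:00 gw sshd[4102]: Accepted publickey for deploy from 198.51.100.7 port 40200 ssh2",
]

if __name__ == "__main__":
    for block in flag_blocks(SAMPLE_LOG):
        print("root brute-force suspected from", block)
```

Grouping by block rather than by single address keeps an attacker who rotates through neighbouring addresses from staying under a per-IP threshold.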
Researchers at Talos wrote on the firm’s blog: "This specific threat was known to the security community, but Cisco and Level 3 Communications agreed that it was time to step in and make it stop.
"Together we severely limited SSHPsychos' ability to communicate within Level 3 Communications' backbone, and hindered their ability to compromise systems and proliferate their malware."
The malware file was found to be downloaded from hardcoded IP addresses that resolved to a domain associated with a hosting company in the US.
However, once Talos and Level 3 Communications started to take action against the hackers, the group moved its attacks to a new network whilst continuing to serve the same malware.
"We encourage ISPs and network administrators to join our efforts to curb this specific group, by removing the routes for these networks in a controlled and responsible manner," Talos said.
"If we work together, we have the opportunity to eliminate a group that is making no effort to hide their malicious activity."