Russia | Widely attributed | Unknown | MITRE G0124

Windigo

The Windigo group has been operating since at least 2011, compromising thousands of Linux and Unix servers using the Ebury SSH backdoor to create a spam botnet. Despite law enforcement intervention against the creators, Windigo operators continued updating Ebury through 2019.

Attribution signal

Score = mentions × confidence weight, summed across all attributed sources. Higher source diversity increases the score. Thresholds: ≥ 10 High, ≥ 3 Moderate, < 3 Low.
Signal strength: 0.0 (None)
Mentions: 0
Sources: 0
High conf.: 0
First observed: 2021-02-10
Last active:
Origin: Russia
Aliases: 1
Techniques: 7
Campaigns: 0

Attribution signals

No attribution signals extracted yet — signals populate automatically as articles are processed.