1 views collected around this technical thread.
This article walks through a real-world intrusion on an Alibaba Cloud CentOS server, detailing how a disguised gpg-agentd process was used to install backdoors, hijack SSH keys, exploit Redis, and launch mass scanning, and provides concrete hardening recommendations to prevent similar attacks.
This article walks through a real‑world compromise of an Alibaba Cloud server, detailing how a disguised gpg‑agentd process was used to install backdoors, hijack SSH keys, exploit Redis, and launch mass scanning with malicious scripts, and it concludes with practical hardening recommendations.
After a routine morning, the author discovers an Alibaba Cloud server frozen due to malicious outbound traffic, then traces a sophisticated malware chain involving a disguised gpg-agentd process, malicious cron jobs, compromised SSH keys, Redis exploitation, and mass scanning, culminating in detailed forensic analysis and security recommendations.