• Buffalox@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    1 month ago

    maybe the number of files it scans looking for misconfigurations

    So how did it get into the system to be able to scan configuration files?

    • nyan@lemmy.cafe
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 month ago

      Separate remote code execution vulnerability in unupdated versions of RocketMQ, a Chinese-developed messaging/streaming server, in the case of the infection described in the article. It’s possible that there are a few other RCE vulns it can make use of, but 20000 of them seems unlikely.