As confirmed by the site, the attackers introduced malicious code into the servers, some files on the website were modified, a rootkit was installed and 448 credentials were compromised.
It is not yet known with certainty the consequences that this action may have on the official site that distributes the Linux Kernel."Earlier this month, a number of servers in the kernel.org infrastructure were compromised. We discovered this August 28th. While we currently believe that the source code repositories were unaffected, we are in the process of verifying this and taking steps to enhance security across the kernel.org infrastructure."
Kernel administrators learned of the problem last Sunday and began investigating to find that some things had been modified on the servers.
The attack has occurred in this month and the attackers managed to obtain administrator privileges. With this they have compromised "a certain number of servers in the infrastructure of kernel.org". Modified files have appeared and malicious software has been introduced into the startup scripts of the servers.
However, in an official note, the site has assured that despite having obtained administrator privileges it is difficult to introduce malicious code into the Linux Kernel without this being detected.
Those responsible for the site have already contacted the authorities of Europe and the United States. At the moment the web is in the process of reinstalling the infrastructure of the site while they think of solutions to strengthen security.
Source: TicBeaty Kernel.org
Leave your comment