SentinelOne Demo: SentinelOne VS ZiggyStarTux OpenSSH Trojan – GitHub Detection and Remediation

In this video, we demonstrate how SentinelOne detects and responds to ZiggyStarTux, an open-source IRC bot based on the Kaiten malware that is being leveraged in a sophisticated attack campaign targeting Linux-based systems and Internet of Things (IoT) devices. The ZiggyStarTux attackers have been observed using a malicious, trojanized version of OpenSSH to install cryptomining malware on impacted devices.

The SentinelOne Singularity platform is capable of detecting the malicious techniques and artifacts associated with attacks leveraging the trojanized OpenSSH and ZiggyStarTux tools. This capability is expected to extend to later-stage cryptominer and backdoor payloads.
