
Mining Trojans reappear: 140,000 Linux-based devices are attacked

Date: 2024-05-30 18:11:28 Channel: Wallet

Information security receives a great deal of attention in today's digital age, and a recent cyber attack has drawn that attention once again. According to reports, Guangdong Province suffered a large-scale Trojan attack affecting about 140,000 Linux devices. The incident is a reminder that the network security situation is severe and that we urgently need to strengthen our ability to prevent and respond to network threats.

From a technical perspective, a Trojan is a malicious program that is quietly implanted in a target system and hides itself in order to steal information or control the system. As an open source operating system, Linux is more secure than Windows, but it is not absolutely safe. Hackers are always looking for vulnerabilities and weaknesses in systems that they can use to launch network attacks.

There are many reasons why Guangdong was hit hard in this incident. First, Guangdong Province has a developed economy, a large number of corporate and individual users, and a large number of network devices, making it an important target for hackers. Second, some system administrators have weak security awareness: system vulnerabilities are not repaired in time and security protection measures are not in place, which gives hackers an opening. Furthermore, network users generally have low security awareness, for example trusting phishing emails and downloading unknown applications, and this easily becomes a weak point that attacks exploit.

To deal effectively with the threat of recurring Trojan attacks, we first need to strengthen security awareness education. Enterprises and individual users alike should pay attention to network security, regularly apply system patches, strengthen password security awareness, and avoid weak passwords. Second, it is crucial to establish a sound network security protection system. Deploying technical measures such as firewalls and intrusion detection systems allows potential network threats to be discovered and blocked in a timely manner. It is also crucial to strengthen network security monitoring and emergency response capabilities, so that an abnormal situation is responded to quickly once it is discovered and losses are reduced.

In the field of network security, the development of technology can never keep up with the pace of hackers. Therefore, continuous learning and updating are the key to maintaining network security. With the continuous development of technologies such as artificial intelligence and big data, network security will also face more challenges and opportunities in the future. Only by constantly improving our own network security awareness and technical level can we better protect the information security of individuals and enterprises.

In general, the Trojan reappearance incident reminds us that network security cannot be ignored. The attack on 140,000 Linux system devices in Guangdong is not just a number, but also a realistic warning of the current state of network security. Each of us is the guardian of network security. Only by working together can we build a more secure and stable network environment. Let us join hands to jointly respond to network security challenges and protect our digital world.



Yesterday (August 21), Tencent Yujian Threat Intelligence Center reported that, during a routine security inspection for an enterprise customer, Tencent security experts found that the Tencent Yujie Advanced Threat Detection System deployed at that customer had raised alerts indicating a compromised SSH service.

Investigation showed that the attack was initiated by the large mining botnet WannaMine: after successfully brute-forcing weak SSH passwords, the attacker implanted shell backdoors and brootkit backdoor programs and spread laterally through the intranet over SSH. The victim machines received remote instructions to install (including but not limited to) mining trojans and DDoS attack modules.

SSH stands for Secure Shell and is now one of the main protocols for accessing network devices and servers over the Internet. SSH is used on all popular operating systems, such as Unix, Solaris, Red Hat Linux, CentOS, and Ubuntu, and uses port 22 by default. We used ZoomEye to search for devices with port 22 open and found that more than 100 million devices in the world have opened this port, which means that more than 100 million devices are likely to be targeted by brute-force attacks.
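One way to spot the pattern described above in sshd logs, as an added example that is not from the original article or from Tencent's tooling: flag a password login that succeeds after repeated failures from the same source, and mark RFC 1918 sources as likely lateral spread. The function names, the threshold of 5 and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# OpenSSH sshd password-auth messages as written to auth.log / secure.
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(src):
    """True when src is an RFC 1918 address; hostnames count as not internal."""
    try:
        return any(ip_address(src) in net for net in RFC1918)
    except ValueError:
        return False

def find_bruteforce_logins(lines, threshold=5):
    """Alert when a password login succeeds after >= threshold failures
    from the same source (threshold is an assumed tuning value)."""
    failures = defaultdict(int)
    alerts = []
    for line in lines:
        m = EVENT.search(line)
        if not m:
            continue
        src = m["src"]
        if m["result"] == "Failed":
            failures[src] += 1
            continue
        if failures[src] >= threshold:
            # An internal source points to spread from an already-infected host.
            kind = "lateral" if is_internal(src) else "external"
            alerts.append({"src": src, "user": m["user"],
                           "failed_before": failures[src], "kind": kind})
        failures[src] = 0  # a successful login resets the counter
    return alerts

# Constructed sample log lines, not taken from the incident.
SAMPLE = (
    [f"Aug 21 03:10:0{i} web01 sshd[210{i}]: Failed password for root "
     f"from 203.0.113.50 port 4000{i} ssh2" for i in range(6)]
    + ["Aug 21 03:10:07 web01 sshd[2107]: Accepted password for root from 203.0.113.50 port 40007 ssh2"]
    + [f"Aug 21 03:20:0{i} db01 sshd[310{i}]: Failed password for invalid user admin "
       f"from 10.0.0.12 port 5100{i} ssh2" for i in range(5)]
    + ["Aug 21 03:20:06 db01 sshd[3106]: Accepted password for deploy from 10.0.0.12 port 51006 ssh2",
       "Aug 21 09:00:00 db01 sshd[4000]: Accepted password for alice from 192.168.1.20 port 52000 ssh2"]
)
```

Calling `find_bruteforce_logins(SAMPLE)` returns one alert for the external source and one for the internal one; the ordinary login from 192.168.1.20 with no preceding failures is not flagged.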

According to the monitoring data of Tencent Security Yujian Threat Intelligence Center, WannaMine has shown a new rapid growth trend in China since June 2019, and has currently affected nearly 140,000 devices.

The top three regions infected by the virus are: Guangdong (20.3%), Jiangsu (7.7%), and Zhejiang (7%).

Distribution of WannaMine virus victims
