linux_mint
Linux Mint website hack redirects ISO downloads
The Linux Mint website, specifically its WordPress installation, was compromised. Attackers modified download links on the site for the Linux Mint 17.3 Cinnamon edition ISO. These links redirected users to a server hosting a modified ISO containing the Tsunami backdoor, giving attackers remote control over infected machines.
- Date: 2016-02-20 to 2016-02-21
- Category: Open Source
- Target Surface: Distribution
- Insertion Phase: distribution
- Impact: Backdoor
- Cause: Compromised Infrastructure
What Was Affected
- Package: linux_mint
- Language: Binary
- Component: Distribution
- Artifact type: binary archive
- Domain type: project download host
- Domain: linuxmint.com
Compromised Versions
- 17.3 Cinnamon Edition
Incident Context
- Motive: Unauthorized Access/Control
- Attribution: Individual Hacker
- Transitive: No
- Observed Duration: 1 day
Evidence
Compromised Artifacts
- 5.104.175.212/linuxmint-17.3-cinnamon-64bit-v2.iso
- torrents.linuxmint.com/torrents/linuxmint-17.3-cinnamon-64bit.iso.torrent
Current Artifacts and Analysis
Indicators and Changes
Hashes
- sha256:307d8420e51d8a237153a5ea6454422ee9360f552eb7ea8ce5f5fcf6b7d3c917
- md5:e71a2aad8b58605e906dbea444dc4787
Commits
WordPress modifications targeting download page links, exact details unavailable
External References
Source Data
Source record: oss/linux_mint/meta.yaml