<https://www.blackberry.com/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-bb-decade-of-the-rats.pdf> This describes a lot of attacks, starting with a Linux server victim. Sounds like juicy stuff. I didn't find it so. It didn't clearly say what vulnarabilities were being exploited. The article hinted that a foothold was established via brute-force password guessing at logins. My servers only allow SSH logins, so this would not work on my machines. Does anyone still use passwords for logins facing the internet? Consumer crap (wireless routers, baby monitors, ...), I guess. After the login, a kernel module is installed. Where does the privilege come from? An unmentioned hole? There is a claim that this stuff is widespread and has been for a long time. I don't think any quantitative evidence is revealed.