Hackers compromised the Linux Mint website on February 20, 2016 and made it point to malicious ISOs containing the TSUNAMI IRC bot, which tied the ISOs to an IRC-controlled DDoS botnet, slashdot.org reported on February 21, 2016.
Linux Mint project leader Clement Lefebvre admitted that the initial entry was through the project's WordPress blog. From there, the hackers gained access to Linux Mint's underlying server and eventually obtained shell access as www-data. They then altered the Linux Mint download page so that it led to a malicious FTP server hosted at the IP address 22.214.171.124 in Bulgaria.
On discovering the problem, Linux Mint's security experts removed the links embedded on www.linuxmint.com, but the attackers apparently re-hacked the download section. Realizing that they were unable to eliminate the hackers' actual entry point, the security experts shut down the entire linuxmint.com domain to keep the ISO images from spreading to end users who had missed the security warning.
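Because the download links were tampered with a second time after being cleaned up, a recurring check of where the download page points is a useful control. The following is an added example, not code from Linux Mint or from the original article: it flags `.iso` links whose host is not on an allowlist or that are not served over HTTPS. The allowlist, the base URL path, the sample HTML and the HTTPS requirement are all assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumptions: hosts treated as legitimate download sources (mirror name is a placeholder).
ALLOWED_HOSTS = {"www.linuxmint.com", "mirror.example.org"}
BASE_URL = "https://www.linuxmint.com/"

# Constructed sample of a download page; 203.0.113.7 is a documentation-range address.
SAMPLE_HTML = """
<ul>
  <li><a href="/stable/linuxmint-xfce-64bit.iso">Xfce</a></li>
  <li><a href="ftp://203.0.113.7/linuxmint-cinnamon-64bit.iso">Cinnamon</a></li>
  <li><a href="https://mirror.example.org/linuxmint-kde-64bit.iso">KDE</a></li>
  <li><a href="http://mirror.example.org/linuxmint-mate-64bit.iso">MATE</a></li>
  <li><a href="https://blog.example.net/release-notes.html">Notes</a></li>
</ul>
"""


class LinkCollector(HTMLParser):
    """Collects the href value of every <a> tag, in document order."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)


def find_untrusted_iso_links(html, base_url, allowed_hosts):
    """Return ISO links that leave the allowlist or are not served over HTTPS."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href in collector.hrefs:
        url = urljoin(base_url, href.strip())  # resolve relative links first
        parts = urlsplit(url)
        if not parts.path.lower().endswith(".iso"):
            continue  # only image downloads are in scope
        host = (parts.hostname or "").lower()
        if parts.scheme != "https" or host not in allowed_hosts:
            findings.append(url)
    return findings


if __name__ == "__main__":
    for bad in find_untrusted_iso_links(SAMPLE_HTML, BASE_URL, ALLOWED_HOSTS):
        print("ALERT: unexpected ISO link:", bad)
```

Run on a schedule against the live page from a host outside the web server, so that a compromised server account cannot silence the check.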
Yonathan Klijnsma, Senior Threat Intelligence Analyst at Dutch security company Fox-IT, observed that a few hours after the announcement of Linux Mint's hack, somebody posted an advertisement on the Dark Web trading forum TheRealDeal. A user nicknamed peace_of_mind was selling the entire forum dump, a PHP mailer and a shell of "Liuxmint.com" for 0.1910 Bitcoin.
Moreover, in the hijacked ISOs only the man.cy file was modified: the hackers added a new function named 'tsunami', which is associated with a popular Linux ELF Trojan known as TSUNAMI, an ordinary IRC bot used to carry out DDoS attacks.
That the hackers chose to contaminate a top-shelf Linux distro with an uncomplicated IRC bot only shows that an inexperienced gang was behind the attack. Moreover, since their access to the site continued to work and the Linux Mint security group was unable to identify the hackers' actual entry point, it was only a matter of waiting for the hackers.
But when the hackers went on to post advertisements on an illegal hacking website, this ultimately drew the attention of security researchers, which was followed by the closing of the entire Linux Mint website and the cutting off of all access to it.