Untangling a Linux Incident With an OpenAI Twist
ID: db72ea68-2294-5c2d-849b-9e3d0835ace6
STIX ID: report--db72ea68-2294-5c2d-849b-9e3d0835ace6
Feed Name: Huntress Blog
This blog post describes a Huntress SOC investigation of a Linux host compromised by at least two threat actor groups, which installed a Monero cryptominer, harvested credentials and exfiltrated data. The legitimate user relied on OpenAI Codex for remediation attempts, and the large volume of legitimate commands it generated added noise that complicated detection and triage.
