Researchers Detect Surge in Erlang/OTP SSH Attacks Targeting Telecom and Messaging Systems

Experts in cybersecurity have noticed a sharp increase in attacks that take advantage of the Erlang/OTP SSH service, a little-known but vital part of messaging systems, telecom infrastructure, and other distributed applications. The increase in malicious activity has raised concerns that attackers are targeting high-performance backend systems.
The Erlang runtime, widely used in systems like WhatsApp, RabbitMQ, and telecom switches, includes a built-in SSH daemon that’s often overlooked in security audits. Researchers warn that poorly configured instances or exposed ports could allow attackers to gain unauthorized access, execute code, or pivot deeper into enterprise environments.
Security teams that use Erlang/OTP are advised to examine their deployments, particularly in settings where SSH is enabled by default. The advice includes disabling unused services, implementing stringent access controls, and monitoring network traffic for unusual activity.
Threat actors appear to be increasingly probing Erlang/OTP instances in the wild, perhaps in search of new vectors for lateral movement or persistent access, as evidenced by the recent spike in scans and exploitation attempts.
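For the deployment review recommended above, one way to find Erlang/OTP SSH daemons in your own inventory is to classify the identification string each SSH listener sends on connect. This is an added example, not code from the researchers; it assumes the daemon identifies itself with the `Erlang/` software name in its banner, and the hosts and versions in `SAMPLE` are constructed.

```python
import re
import socket

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments"
IDENT_RE = re.compile(r"^SSH-(?P<proto>[0-9.]+)-(?P<software>\S+)(?: (?P<comments>.*))?$")

def parse_ident(data: bytes):
    """Return (proto, software) from the server's first SSH- line, or None."""
    for raw in data.split(b"\n"):
        line = raw.rstrip(b"\r").decode("ascii", errors="replace")
        # Servers may send other text lines before the identification string.
        if line.startswith("SSH-"):
            m = IDENT_RE.match(line)
            return (m["proto"], m["software"]) if m else None
    return None

def is_erlang_sshd(ident) -> bool:
    """Assumption: the daemon identifies as 'Erlang/<version>' in its banner.
    A banner can be changed by the operator, so a non-match is not proof of absence."""
    return ident is not None and ident[1].startswith("Erlang/")

def read_banner(host: str, port: int = 22, timeout: float = 3.0) -> bytes:
    """Read the greeting from a host you administer; no authentication is attempted."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        return s.recv(512)

def audit(banners: dict) -> list:
    """Return the inventory entries whose banner looks like Erlang/OTP SSH."""
    return sorted(h for h, b in banners.items() if is_erlang_sshd(parse_ident(b)))

# Constructed sample data (documentation addresses, made-up versions).
SAMPLE = {
    "192.0.2.10:22": b"SSH-2.0-OpenSSH_9.6\r\n",
    "192.0.2.11:2222": b"SSH-2.0-Erlang/5.1.4\r\n",
    "192.0.2.12:830": b"maintenance notice\r\nSSH-2.0-Erlang/4.15\r\n",
    "192.0.2.13:22": b"HTTP/1.1 400 Bad Request\r\n",
}

if __name__ == "__main__":
    for entry in audit(SAMPLE):
        print("review:", entry)
```

Entries it flags are candidates for the disable-or-restrict review; feed `audit` with banners collected via `read_banner` from the listeners in your asset inventory.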




