A brief message posted on the site (see image below) made it clear the compromise was "not due to any software exploits in Apache itself", but was actually caused by a compromised SSH key.
The group did not say which Apache software servers were affected. UPDATE: An initial report from Apache is now available.
* Screenshot via The H Security. More at Threatpost.com.
Join Discussion