Strange connections outgoing SSH connections (to China!?) after startup/git install

Posted on August 26, 2013

I just started an Ubuntu 12 droplet, installed a private git server per the tutorial, did a netstat and got:

tcp 0 0 192.241.251.230:ssh :12683 ESTABLISHED
tcp 0 0 192.241.251.230:ssh 218.89.168.144:13254 ESTABLISHED
tcp 0 352 192.241.251.230:ssh MYIP.:2454 ESTABLISHED
tcp 0 0 192.241.251.230:ssh 218.89.168.144:10474 ESTABLISHED

219.89.168.144 is owned by CHINANET-SCIDC-AS-AP CHINANET SiChuan Telecom Internet Data Center

What gives?




I met the same problem; I don’t know what that is. lsof -i gives me:

sshd      26054       root    3u  IPv4 4317876      0t0  TCP atlas:ssh->126.30.65.218.broad.xy.jx.dynamic.163data.com.cn:58888 (ESTABLISHED)
sshd      26055       sshd    3u  IPv4 4317876      0t0  TCP atlas:ssh->126.30.65.218.broad.xy.jx.dynamic.163data.com.cn:58888 (ESTABLISHED)

Changes root password for security

I am also an attorney and will report this data breach to the proper authorities if necessary. I have taken reasonable security measures on my end. Please explain how an established connection translates to attempted brute force and not successful attacks.

I am seeing the same issues. I am a professional full-time pen tester. This absolutely cannot happen on my system! I have researched the IPs and some are malicious. It also says the connections are established, and an established connection sounds like a successful attack. Despite editing my config file to only allow ssh connections from designated IP addresses and killing processes by PID, the connections still reappear and are still there. I have maldetect and ESOT; neither detects malware on the system, and I do not see any strange files. I have changed my password from an already complex password to an even longer one, yet established connections persist. I need clarification as soon as possible. It would be a huge pain to switch my entire setup over to AWS or other competitors and I would rather not do this, but I will pay more money for better security.
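The point the answers circle around is that ESTABLISHED on port 22 only says the TCP handshake completed and sshd is talking to that peer; whether a login actually succeeded is recorded by sshd in /var/log/auth.log ("Failed password" / "Invalid user" versus "Accepted"). The following is an added example, not code from the question or any answer above, that correlates netstat output with an auth.log excerpt; both inputs are constructed samples, the IPs are documentation ranges, and the allowlist is an assumed list of addresses you expect to log in from.

```python
import re
from collections import defaultdict
# Constructed sample in the shape of the question's netstat output (documentation-range IPs).
NETSTAT_SAMPLE = """\
tcp 0 0 10.0.0.5:ssh 203.0.113.7:13254 ESTABLISHED
tcp 0 352 10.0.0.5:ssh 198.51.100.9:2454 ESTABLISHED
"""
# Constructed /var/log/auth.log excerpt in the format OpenSSH sshd writes on Ubuntu.
AUTH_LOG_SAMPLE = """\
Aug 26 10:01:02 atlas sshd[26054]: Failed password for root from 203.0.113.7 port 13254 ssh2
Aug 26 10:01:05 atlas sshd[26054]: Failed password for root from 203.0.113.7 port 13254 ssh2
Aug 26 10:01:07 atlas sshd[26060]: Invalid user admin from 203.0.113.7
Aug 26 10:02:10 atlas sshd[26070]: Accepted publickey for deploy from 198.51.100.9 port 2454 ssh2
"""
NETSTAT_RE = re.compile(r"^tcp\s+\d+\s+\d+\s+\S+:ssh\s+(\S+):(\d+)\s+ESTABLISHED")
FAILED_RE = re.compile(r"sshd\[\d+\]: (?:Failed password|Invalid user) .*?from (\S+)")
ACCEPTED_RE = re.compile(r"sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+)")
def established_ssh_peers(netstat_text):
    """Remote IPs holding an ESTABLISHED TCP connection to the local sshd."""
    peers = set()
    for line in netstat_text.splitlines():
        if m := NETSTAT_RE.match(line.strip()):
            peers.add(m.group(1))
    return peers

def auth_outcomes(auth_log_text):
    """Per remote IP: number of rejected attempts, and users sshd actually let in."""
    failed, accepted = defaultdict(int), defaultdict(list)
    for line in auth_log_text.splitlines():
        if m := FAILED_RE.search(line):
            failed[m.group(1)] += 1
        elif m := ACCEPTED_RE.search(line):
            accepted[m.group(2)].append(m.group(1))
    return failed, accepted

def classify(netstat_text, auth_log_text, allowlist):
    """Label each established peer; only 'accepted-login' means a login succeeded."""
    failed, accepted = auth_outcomes(auth_log_text)
    labels = {}
    for ip in established_ssh_peers(netstat_text):
        if ip in allowlist:
            labels[ip] = "allowed"
        elif ip in accepted:
            labels[ip] = "accepted-login"   # sshd granted a session: investigate
        elif failed.get(ip):
            labels[ip] = "brute-force"      # connected, every attempt rejected so far
        else:
            labels[ip] = "unknown"          # connected, nothing logged yet (still authenticating)
    return labels
```

On a live box, feed it the output of `netstat -tn` and the real auth.log; an address that shows up as "brute-force" is noise to rate-limit or firewall, while "accepted-login" from an unexpected address is the case that actually warrants treating the host as compromised.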
