• Linux devices hit with ev

    From Mike Powell@1:2320/105 to All on Saturday, November 23, 2024 11:21:00
    * Originally in: TQW_GENTEC
    * Originally on: 11-22-24 15:30
    * Originally by: TechnologyDaily

    Linux devices hit with even more new malware, this time from Chinese hackers

    Date:
    Fri, 22 Nov 2024 15:29:00 +0000

    Description:
    WolfsBane is an all-in-one malware solution hitting Linux systems, experts warn.

    FULL STORY

    Chinese hackers have built new all-in-one malware to target Linux devices, a new report from cybersecurity researchers ESET , have said.

    The WolfsBane malware features a dropper, launcher, a backdoor, and a
    modified open-source rootkit for detection evasion. While not completely outlandish, the approach is rather unconventional, since most hacking groups will develop just one of these features, and use other peoples solutions for the rest.

    That being said, WolfsBanes key ability is to grant its operators total
    control over the compromised system. It can execute commands coming in from
    the C2 server, exfiltrate data, and ultimately - manipulate the system.

    Gelsemium is active

    ESET doesnt know for certain how the attackers accessed the target systems to deploy the malware in the first place, but assesses with medium confidence
    that the group exploited an unknown web application vulnerability.

    The group, in this instance, is called Gelsemium, suggesting that it has at least one herbalist in its ranks. Itis a relatively known Chinese group,
    active since at least 2014. It mostly targets government institutions, educational organizations, electronics manufacturers, and religious institutions. The majority of its victims are located in East Asia and the Middle Easts.

    ESET also suggests that the group decided to target Linux since Windows defenses have been getting better lately.

    "The trend of APT groups focusing on Linux malware is becoming more
    noticeable, ESET said.

    We believe this shift is due to improvements in Windows email and endpoint security, such as the widespread use of endpoint detection and response (EDR) tools and Microsoft's decision to disable Visual Basic for Applications (VBA) macros by default. Consequently, threat actors are exploring new attack avenues, with a growing focus on exploiting vulnerabilities in
    internet-facing systems, most of which run on Linux."

    Via BleepingComputer

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/linux-devices-hit-with-even-more-new-ma lware-this-time-from-chinese-hackers

    $$
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
  • From Ed Vance@1:2320/105 to Mike Powell on Wednesday, November 27, 2024 15:52:14

    * Originally in: TQW_GENTEC
    * Originally on: 11-22-24 15:30
    * Originally by: TechnologyDaily

    Linux devices hit with even more new malware, this time from Chinese hackers

    Date:
    Fri, 22 Nov 2024 15:29:00 +0000

    Description:
    WolfsBane is an all-in-one malware solution hitting Linux systems, experts warn.

    FULL STORY

    Chinese hackers have built new all-in-one malware to target Linux devices, a new report from cybersecurity researchers ESET , have said.

    The WolfsBane malware features a dropper, launcher, a backdoor, and a modified open-source rootkit for detection evasion. While not completely outlandish, the approach is rather unconventional, since most hacking groups will develop just one of these features, and use other peoples solutions for the rest.

    That being said, WolfsBanes key ability is to grant its operators total control over the compromised system. It can execute commands coming in from the C2 server, exfiltrate data, and ultimately - manipulate the system.

    Gelsemium is active

    ESET doesnt know for certain how the attackers accessed the target systems to deploy the malware in the first place, but assesses with medium confidence that the group exploited an unknown web application vulnerability.

    The group, in this instance, is called Gelsemium, suggesting that it has at least one herbalist in its ranks. Itis a relatively known Chinese group, active since at least 2014. It mostly targets government institutions, educational organizations, electronics manufacturers, and religious institutions. The majority of its victims are located in East Asia and the Middle Easts.

    ESET also suggests that the group decided to target Linux since Windows defenses have been getting better lately.

    "The trend of APT groups focusing on Linux malware is becoming more noticeable, ESET said.

    We believe this shift is due to improvements in Windows email and endpoint security, such as the widespread use of endpoint detection and response (EDR) tools and Microsoft's decision to disable Visual Basic for Applications (VBA) macros by default. Consequently, threat actors are exploring new attack avenues, with a growing focus on exploiting vulnerabilities in internet-facing systems, most of which run on Linux."

    Via BleepingComputer

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/linux-devices-hit- with-even-more-new-ma lware-this-time-from-chinese-hackers

    $$


    Another good to read article.
    Thanks Mike.
    Ed
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)