Subj : Linux devices hit with ev
To   : Mike Powell
From : Ed Vance
Date : Wed Nov 27 2024 03:52 pm

> * Originally in: TQW_GENTEC
> * Originally on: 11-22-24 15:30
> * Originally by: TechnologyDaily
>
> Linux devices hit with even more new malware, this time from Chinese hackers
>
> Date:
> Fri, 22 Nov 2024 15:29:00 +0000
>
> Description:
> WolfsBane is an all-in-one malware solution hitting Linux systems, experts
> warn.
>
> FULL STORY
>
> Chinese hackers have built new all-in-one malware to target Linux devices, a
> new report from cybersecurity researchers ESET has said.
>
> The WolfsBane malware features a dropper, launcher, a backdoor, and a
> modified open-source rootkit for detection evasion. While not completely
> outlandish, the approach is rather unconventional, since most hacking groups
> will develop just one of these features, and use other people's solutions for
> the rest.
>
> That being said, WolfsBane's key ability is to grant its operators total
> control over the compromised system. It can execute commands coming in from
> the C2 server, exfiltrate data, and ultimately, manipulate the system.
>
> Gelsemium is active
>
> ESET doesn't know for certain how the attackers accessed the target systems to
> deploy the malware in the first place, but assesses with medium confidence
> that the group exploited an unknown web application vulnerability.
>
> The group, in this instance, is called Gelsemium, suggesting that it has at
> least one herbalist in its ranks. It is a relatively known Chinese group,
> active since at least 2014. It mostly targets government institutions,
> educational organizations, electronics manufacturers, and religious
> institutions. The majority of its victims are located in East Asia and the
> Middle East.
>
> ESET also suggests that the group decided to target Linux since Windows
> defenses have been getting better lately.
>
> "The trend of APT groups focusing on Linux malware is becoming more
> noticeable," ESET said.
>
> "We believe this shift is due to improvements in Windows email and endpoint
> security, such as the widespread use of endpoint detection and response (EDR)
> tools and Microsoft's decision to disable Visual Basic for Applications (VBA)
> macros by default. Consequently, threat actors are exploring new attack
> avenues, with a growing focus on exploiting vulnerabilities in
> internet-facing systems, most of which run on Linux."
>
> Via BleepingComputer
>
> ======================================================================
> Link to news story:
> https://www.techradar.com/pro/security/linux-devices-hit-with-even-more-new-malware-this-time-from-chinese-hackers
>
> $$

Another good to read article.

Thanks Mike.

Ed

--- SBBSecho 3.20-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)