Channel: Debian User Forums

[Security] A new Linux Malware - WolfsBane - allegedly from China is out in the wild

This article went live a few days ago. The people behind these are suspected to be Gelsemium, a Chinese APT group. This impacts both systemd-based Linux as well as non-systemd-based Linux. ESET security is responsible for most of the identification of this threat. This has been active at least since Mar-2023 and possibly much earlier.

As part of the investigation, a new backdoor called FireWood has been found. Further, WolfsBane is the Linux equivalent of the Windows malware Gelsevirine.

According to ESET:
"The trend of APT groups focusing on Linux malware is becoming more noticeable. We believe this shift is due to improvements in Windows email and endpoint security, such as the widespread use of endpoint detection and response (EDR) tools and Microsoft’s decision to disable Visual Basic for Applications (VBA) macros by default. Consequently, threat actors are exploring new attack avenues, with a growing focus on exploiting vulnerabilities in internet-facing systems, most of which run on Linux."
There are certain hashes also provided in the article for infected files.

This, along with the Perfctl malware, is a series of malware that are increasingly being targeted towards Linux.

Statistics: Posted by DebianFox — 2024-11-26 06:15 — Replies 2 — Views 124


