----------------------------------------------------------------------------------
@MSGID: 8371.fi-linux@1:2320/105 2ba75913
@TZUTC: -0500
@PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 2024 GCC 12.2.0
@TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0
@BBSID: CAPCITY2
@CHRS: ASCII 1
* Originally in: TQW_GENTEC
* Originally on: 11-22-24 15:30
* Originally by: TechnologyDaily
Linux devices hit with even more new malware, this time from Chinese hackers
Date:
Fri, 22 Nov 2024 15:29:00 +0000
Description:
WolfsBane is an all-in-one malware solution hitting Linux systems, experts warn.
FULL STORY
Chinese hackers have built new all-in-one malware to target Linux devices, a
new report from cybersecurity researchers ESET has said.
The WolfsBane malware features a dropper, a launcher, a backdoor, and a
modified open-source rootkit for detection evasion. While not completely
outlandish, the approach is rather unconventional, since most hacking groups
will develop just one of these components and use other people's solutions for
the rest.
That being said, WolfsBane's key ability is to grant its operators total
control over the compromised system. It can execute commands coming in from
the C2 server, exfiltrate data, and ultimately manipulate the system.
Gelsemium is active
ESET doesn't know for certain how the attackers accessed the target systems to
deploy the malware in the first place, but assesses with medium confidence
that the group exploited an unknown web application vulnerability.
The group, in this instance, is called Gelsemium, suggesting that it has at
least one herbalist in its ranks. It is a relatively well-known Chinese group,
active since at least 2014. It mostly targets government institutions,
educational organizations, electronics manufacturers, and religious
institutions. The majority of its victims are located in East Asia and the
Middle East.
ESET also suggests that the group decided to target Linux since Windows
defenses have been getting better lately.
"The trend of APT groups focusing on Linux malware is becoming more
noticeable," ESET said.
"We believe this shift is due to improvements in Windows email and endpoint
security, such as the widespread use of endpoint detection and response (EDR)
tools and Microsoft's decision to disable Visual Basic for Applications (VBA)
macros by default. Consequently, threat actors are exploring new attack
avenues, with a growing focus on exploiting vulnerabilities in
internet-facing systems, most of which run on Linux."
Via BleepingComputer
======================================================================
Link to news story:
https://www.techradar.com/pro/security/linux-devices-hit-with-even-more-new-malware-this-time-from-chinese-hackers
--- SBBSecho 3.20-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)