----------------------------------------------------------------------------------
@MSGID: 8372.fi-linux@1:2320/105 2bacdd32
@REPLY: 8371.fi-linux@1:2320/105 2ba75913
@TZUTC: -0500
@PID: Synchronet 3.20a-Linux master/acc19483f Apr 26
202 GCC 12.2.0
@TID: SBBSecho 3.20-Linux master/acc19483f Apr 26
2024 23:04 GCC 12.2.0
@BBSID: CAPCITY2
@CHRS: ASCII 1
> * Originally in: TQW_GENTEC
> * Originally on: 11-22-24 15:30
> * Originally by: TechnologyDaily
> Linux devices hit with even more new malware, this time from Chinese hackers
> Date:
> Fri, 22 Nov 2024 15:29:00 +0000
> Description:
> WolfsBane is an all-in-one malware solution hitting Linux systems, experts
> warn.
> FULL STORY
> Chinese hackers have built new all-in-one malware to target Linux devices, a
> new report from cybersecurity researchers ESET , have said.
> The WolfsBane malware features a dropper, launcher, a backdoor, and a
> modified open-source rootkit for detection evasion. While not completely
> outlandish, the approach is rather unconventional, since most hacking groups
> will develop just one of these features, and use other peoples solutions for
> the rest.
> That being said, WolfsBanes key ability is to grant its operators total
> control over the compromised system. It can execute commands coming in from
> the C2 server, exfiltrate data, and ultimately - manipulate the system.
> Gelsemium is active
> ESET doesnt know for certain how the attackers accessed the target systems to
> deploy the malware in the first place, but assesses with medium confidence
> that the group exploited an unknown web application vulnerability.
> The group, in this instance, is called Gelsemium, suggesting that it has at
> least one herbalist in its ranks. Itis a relatively known Chinese group,
> active since at least 2014. It mostly targets government institutions,
> educational organizations, electronics manufacturers, and religious
> institutions. The majority of its victims are located in East Asia and the
> Middle Easts.
> ESET also suggests that the group decided to target Linux since Windows
> defenses have been getting better lately.
> "The trend of APT groups focusing on Linux malware is becoming more
> noticeable, ESET said.
> We believe this shift is due to improvements in Windows email and endpoint
> security, such as the widespread use of endpoint detection and response (EDR)
> tools and Microsoft`s decision to disable Visual Basic for Applications (VBA)
> macros by default. Consequently, threat actors are exploring new attack
> avenues, with a growing focus on exploiting vulnerabilities in
> internet-facing systems, most of which run on Linux."
> Via BleepingComputer
> ======================================================================
> Link to news story:
https://www.techradar.com/pro/security/linux-devices-hit-
> with-even-more-new-ma lware-this-time-from-chinese-hackers
> $$
Another good to read article.
Thanks Mike.
Ed
--- SBBSecho 3.20-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SEEN-BY: 50/13 279 103/705 104/119 116/17 18
120/616 124/5016 153/757 7001
SEEN-BY: 154/10 30 50 700 203/0 220/20 90 221/0
6 226/18 44 50 229/310
SEEN-BY: 240/1120 5832 280/464 5003 292/854 8125
301/1 310/31 341/66 234
SEEN-BY: 396/45 423/120 460/58 467/888 633/280
712/848 770/1 2320/0 105 108
SEEN-BY: 2320/304 401 3634/12 5020/400 545 848
1042 1477 4441 12000 5025/3 75
SEEN-BY: 5030/1081 1900 1957 2404 5037/7 5053/58
5060/900 5066/18 5080/102
SEEN-BY: 5095/20 6078/80
@PATH: 2320/105 154/10 280/464 5020/545 4441