TZUTC: -0500
MSGID: 8372.fi-linux@1:2320/105 2bacdd32
REPLY: 8371.fi-linux@1:2320/105 2ba75913
PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0
TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1

>  * Originally in: TQW_GENTEC
>  * Originally on: 11-22-24 15:30
>  * Originally by: TechnologyDaily

> Linux devices hit with even more new malware, this time from Chinese hackers

> Date:
> Fri, 22 Nov 2024 15:29:00 +0000

> Description:
> WolfsBane is an all-in-one malware solution hitting Linux systems, experts
> warn.

> FULL STORY

> Chinese hackers have built new all-in-one malware to target Linux devices, a
> new report from cybersecurity researchers ESET , have said. 

> The WolfsBane malware features a dropper, launcher, a backdoor, and a
> modified open-source rootkit for detection evasion. While not completely
> outlandish, the approach is rather unconventional, since most hacking groups
> will develop just one of these features, and use other peoples solutions for
> the rest. 

> That being said, WolfsBanes key ability is to grant its operators total
> control over the compromised system. It can execute commands coming in from
> the C2 server, exfiltrate data, and ultimately - manipulate the system.

> Gelsemium is active 

> ESET doesnt know for certain how the attackers accessed the target systems to
> deploy the malware in the first place, but assesses with medium confidence
> that the group exploited an unknown web application vulnerability. 

> The group, in this instance, is called Gelsemium, suggesting that it has at
> least one herbalist in its ranks. Itis a relatively known Chinese group,
> active since at least 2014. It mostly targets government institutions,
> educational organizations, electronics manufacturers, and religious
> institutions. The majority of its victims are located in East Asia and the
> Middle Easts. 

> ESET also suggests that the group decided to target Linux since Windows
> defenses have been getting better lately. 

> "The trend of APT groups focusing on Linux malware is becoming more
> noticeable, ESET said. 

> We believe this shift is due to improvements in Windows email and endpoint
> security, such as the widespread use of endpoint detection and response (EDR)
> tools and Microsoft's decision to disable Visual Basic for Applications (VBA)
> macros by default. Consequently, threat actors are exploring new attack
> avenues, with a growing focus on exploiting vulnerabilities in 
> internet-facing systems, most of which run on Linux." 

>  Via BleepingComputer

> ======================================================================
> Link to news story: https://www.techradar.com/pro/security/linux-devices-hit-
> with-even-more-new-ma lware-this-time-from-chinese-hackers

> $$


Another good to read article.
Thanks Mike.
Ed
--- SBBSecho 3.20-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SEEN-BY: 18/200 103/705 104/119 105/81 106/201 116/17 18 120/616 124/5016
SEEN-BY: 128/187 129/305 153/757 7001 7715 154/10 30 50 700 203/0
SEEN-BY: 218/700 220/20 90 221/0 6 226/18 30 44 50 227/114 229/110
SEEN-BY: 229/111 114 206 300 310 317 400 426 428 470 550 616 664 700
SEEN-BY: 240/1120 5832 266/512 280/464 5003 282/1038 291/111 292/854
SEEN-BY: 292/8125 301/1 310/31 320/219 322/757 341/66 234 342/200
SEEN-BY: 396/45 423/120 460/58 256 1124 5858 467/888 633/280 712/848
SEEN-BY: 770/1 902/26 2320/0 105 108 304 401 3634/12 5020/400 545
SEEN-BY: 5054/30 5075/35
PATH: 2320/105 154/10 280/464 460/58 229/426