Security News > 2020 > April > BlackBerry: Chinese cybercriminals target high-value Linux servers with weak defenses
Linux malware is real and Advanced Persistent Threat groups have been infiltrating critical servers with these tools for at least eight years, according to a new report from BlackBerry.
The RATs report describes how five APT groups are working with the Chinese government and the remote access trojans the cybercriminals are using to get and maintain access to Linux servers.
According to the report, the groups appeared to be using WINNTI-style tooling to take aim at Linux servers and remain relatively undetected for almost a decade.
The RATs report includes a wealth of indicators that network admins and security analysts can use to see what is happening on Linux servers.
The report authors also found that these backdoors communicated both to internal as well asexternal IP addresses, indicating that the groups attacked servers that were bothdeliberately segmented to keep them from connecting to the internet and connected to web servers that reached outside the target organization.
News URL
Related news
- Linux version of new Cicada ransomware targets VMware ESXi servers (source)
- 'Hadooken' Linux malware targets Oracle WebLogic servers (source)
- New Linux malware Hadooken targets Oracle WebLogic servers (source)
- New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking (source)
- New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks (source)