Security News > 2021 > March > Researchers Unveil New Linux Malware Linked to Chinese Hackers

Cybersecurity researchers on Wednesday shed light on a new sophisticated backdoor targeting Linux endpoints and servers that's believed to be the work of Chinese nation-state actors.
RedXOR's name comes from the fact that it encodes its network data with a scheme based on XOR, and that it's compiled with a legacy GCC compiler on an old release of Red Hat Enterprise Linux, suggesting that the malware is deployed in targeted attacks against legacy Linux systems.
Intezer said two samples of the malware were uploaded from Indonesia and Taiwan around Feb. 23-24, both countries that are known to be singled out by China-based threat groups.
RedXOR supports a multitude of capabilities, including gathering system information, performing file operations, executing commands with system privileges, running arbitrary shell commands, and even options to remotely update the malware.
The latest development points to an increase in the number of active campaigns targeting Linux systems, in part due to widespread adoption of the operating system for IoT devices, web servers, and cloud servers, leading attackers to port their existing Windows tools to Linux or develop new tools that support both platforms.
"Some of the most prominent nation-state actors are incorporating offensive Linux capabilities into their arsenal and it's expected that both the number and sophistication of such attacks will increase over time," Intezer researchers outlined in a 2020 report charting the last decade of Linux APT attacks.
News URL
Related news
- Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool (source)
- Chinese FamousSparrow hackers deploy upgraded malware in attacks (source)
- Chinese hackers target Russian govt with upgraded RAT malware (source)
- Seven Malicious Go Packages Found Deploying Malware on Linux and macOS Systems (source)
- US charges Chinese hackers linked to critical infrastructure breaches (source)
- Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits (source)
- Chinese Weaver Ant hackers spied on telco network for 4 years (source)
- Hackers Use .NET MAUI to Target Indian and Chinese Users with Fake Banking, Social Apps (source)
- Chinese Hackers Breach Asian Telecom, Remain Undetected for Over 4 Years (source)
- Outlaw Group Uses SSH Brute-Force to Deploy Cryptojacking Malware on Linux Servers (source)