Security News > 2021 > March > Chinese state hackers target Linux systems with new malware
Security researchers at Intezer have discovered a previously undocumented backdoor dubbed RedXOR, with links to a Chinese-sponsored hacking group and used in ongoing attacks targeting Linux systems.
Based on command-and-control servers still being active, the Linux backdoor is being used in ongoing attacks targeting both Linux servers and endpoints.
Intezer also found multiple connections between the RedXOR Linux backdoor and multiple malware strains linked to the Winnti state hackers, including the PWNLNX backdoor and the Groundhog and XOR.DDOS botnets.
The discovery of new is not at all surprising, taking into account the over 40% increase in new Linux malware found during 2020.
Nation-state hackers also focus more and more on targeting Linux systems, as highlighted by a 2020 Intezer report summarizing the last ten years of Linux APT attacks.
"In the previous decade researchers discovered several large APT campaigns targeting Linux systems, as well as unique Linux malware tools tailored for espionage operations," Intezer said.
News URL
Related news
- Chinese hackers target Linux with new WolfsBane malware (source)
- Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials (source)
- Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign (source)
- Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor (source)
- Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia (source)
- North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn (source)
- Salt Typhoon hackers backdoor telcos with new GhostSpider malware (source)
- APT-C-60 Hackers Exploit StatCounter and Bitbucket in SpyGlace Malware Campaign (source)