Security News > 2022 > September > Chinese state hackers create Linux variant for SideWalk backdoor
State-backed Chinese hackers have developed a Linux variant for the SideWalk backdoor used against Windows systems belonging to targets in the academic sector.
The SideWalk Linux backdoor has been observed in the past, initially being tracked as StageClient by security researchers at cybersecurity company ESET. An early variant of the malware was spotted by researchers at 360 Netlab, the threat intelligence team at Chinese internet security company Qihoo 360, and detailed two years ago in a blog post about the Specter botnet hitting IP cameras.
After analyzing Specter and StageClient, ESET researchers determined that both malware pieces have the same root and are Linux variants of SideWalk.
ESET notes in a report today that while SideWalk Linux has been used against multiple targets in the past, their telemetry data shows that the variant they discovered was deployed against only one victim in February 2021, a university in Hong Kong.
Looking at the SideWalk variants for Linux and Windows, ESET noticed "Striking" similarities in the way they function, the implementation of multiple components, and the payloads dropped on the compromised system.
SparklingGoblin has the capabilities to develop malware adapted to its needs, as evidenced by the SideWalk Linux variant.
News URL
Related news
- Chinese hackers use Visual Studio Code tunnels for remote access (source)
- U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls (source)
- Winnti hackers target other threat actors with new Glutton PHP backdoor (source)
- Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks (source)
- White House links ninth telecom breach to Chinese hackers (source)
- Chinese hackers targeted sanctions office in Treasury attack (source)
- US sanctions Chinese company linked to Flax Typhoon hackers (source)
- Chinese hackers also breached Charter and Windstream networks (source)
- US Treasury hack linked to Silk Typhoon Chinese state hackers (source)
- Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners (source)