Security News > 2022 > September > Chinese state hackers create Linux variant for SideWalk backdoor
State-backed Chinese hackers have developed a Linux variant for the SideWalk backdoor used against Windows systems belonging to targets in the academic sector.
The SideWalk Linux backdoor has been observed in the past, initially being tracked as StageClient by security researchers at cybersecurity company ESET. An early variant of the malware was spotted by researchers at 360 Netlab, the threat intelligence team at Chinese internet security company Qihoo 360, and detailed two years ago in a blog post about the Specter botnet hitting IP cameras.
After analyzing Specter and StageClient, ESET researchers determined that both malware pieces have the same root and are Linux variants of SideWalk.
ESET notes in a report today that while SideWalk Linux has been used against multiple targets in the past, their telemetry data shows that the variant they discovered was deployed against only one victim in February 2021, a university in Hong Kong.
Looking at the SideWalk variants for Linux and Windows, ESET noticed "Striking" similarities in the way they function, the implementation of multiple components, and the payloads dropped on the compromised system.
SparklingGoblin has the capabilities to develop malware adapted to its needs, as evidenced by the SideWalk Linux variant.
News URL
Related news
- Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor (source)
- Chinese hackers target Linux with new WolfsBane malware (source)
- Microsoft: Chinese hackers use Quad7 botnet to steal credentials (source)
- Sophos reveals 5-year battle with Chinese hackers attacking network devices (source)
- Sophos Versus the Chinese Hackers (source)
- FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions (source)
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials (source)
- Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign (source)
- Researchers unearth two previously unknown Linux backdoors (source)
- Week in review: 0-days exploited in Palo Alto Networks firewalls, two unknown Linux backdoors identified (source)