Security News > 2022 > September > SparklingGoblin APT Hackers Using New Linux Variant of SideWalk Backdoor

A Linux variant of a backdoor known as SideWalk was used to target a Hong Kong university in February 2021, underscoring the cross-platform abilities of the implant.

In August 2021, ESET unearthed a new piece of custom Windows malware codenamed SideWalk that was exclusively leveraged by the actor to strike an unnamed computer retail company based in the U.S. Subsequent findings from Symantec, part of Broadcom software, have linked the use of SideWalk to an espionage attack group it tracks under the moniker Grayfly, while pointing out the malware's similarities to that of Crosswalk.

The latest research from ESET dives into SideWalk's Linux counterpart, with the analysis also uncovering that Specter RAT, a Linux botnet that came to light in September 2020, is in fact a Linux variant of SideWalk as well.

Aside from multiple code similarities between the SideWalk Linux and various SparklingGoblin tools, one of the Linux samples has been found using a command-and-control address that was previously used by SparklingGoblin.

"Since we have seen the Linux variant only once in our telemetry one can consider the Linux variant to be less prevalent - but we also have less visibility on Linux systems which could explain this," Tartare said.

"On the other hand, the Specter Linux variant is used against IP cameras and NVR and DVR devices and is mass spread by exploiting a vulnerability on such devices."

News URL

https://thehackernews.com/2022/09/sparklinggoblin-apt-hackers-using-new.html