SparklingGoblin APT Hackers Using New Linux Variant of SideWalk Backdoor (Security News, September 2022)
A Linux variant of a backdoor known as SideWalk was used to target a Hong Kong university in February 2021, underscoring the cross-platform capabilities of the implant.
In August 2021, ESET unearthed a new piece of custom Windows malware codenamed SideWalk that was exclusively leveraged by the SparklingGoblin group to strike an unnamed computer retail company based in the U.S. Subsequent findings from Symantec, part of Broadcom Software, linked the use of SideWalk to an espionage attack group it tracks under the moniker Grayfly, while pointing out the malware's similarities to Crosswalk.
The latest research from ESET dives into SideWalk's Linux counterpart, with the analysis also uncovering that Specter RAT, a Linux botnet that came to light in September 2020, is in fact a Linux variant of SideWalk as well.
Aside from multiple code similarities between the SideWalk Linux and various SparklingGoblin tools, one of the Linux samples has been found using a command-and-control address that was previously used by SparklingGoblin.
"Since we have seen the Linux variant only once in our telemetry, one can consider the Linux variant to be less prevalent, but we also have less visibility on Linux systems, which could explain this," ESET malware researcher Mathieu Tartare said.
"On the other hand, the Specter Linux variant is used against IP cameras and NVR and DVR devices and is mass spread by exploiting a vulnerability on such devices."
News URL
https://thehackernews.com/2022/09/sparklinggoblin-apt-hackers-using-new.html
Related news
- Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor
- Researchers unearth two previously unknown Linux backdoors
- Chinese hackers target Linux with new WolfsBane malware
- Week in review: 0-days exploited in Palo Alto Networks firewalls, two unknown Linux backdoors identified
- Salt Typhoon hackers backdoor telcos with new GhostSpider malware
- RomCom hackers chained Firefox and Windows zero-days to deliver backdoor
- APT-C-60 Hackers Exploit StatCounter and Bitbucket in SpyGlace Malware Campaign
- Hackers exploit ProjectSend flaw to backdoor exposed servers
- Hackers Target Uyghurs and Tibetans with MOONSHINE Exploit and DarkNimbus Backdoor
- Winnti hackers target other threat actors with new Glutton PHP backdoor