Iron Tiger hackers create Linux version of their custom malware (Security News, March 2023)

The APT27 hacking group, aka "Iron Tiger," has prepared a new Linux version of its SysUpdate custom remote access malware, allowing the Chinese cyberespionage group to target more services used in the enterprise.
According to a new report by Trend Micro, the hackers first tested the Linux version in July 2022.
The new malware variant is written in C++ using the Asio library, and its functionality is very similar to Iron Tiger's Windows version of SysUpdate.
Trend Micro comments that Iron Tiger used a Wazuh-signed executable in later sideloading stages to blend with the victim's environment, as the target organization used the legitimate Wazuh platform.
One new feature in the Linux SysUpdate variant is DNS tunneling, which had been seen in only one Windows sample of the malware.
Trend Micro says the choice of the Asio library for developing the Linux version of SysUpdate might be due to its multi-platform portability and predicts that a macOS version of the malware might appear in the wild soon.