ESET Finds Rootkits, Does Not Explain How They Get Installed, Media Says It Means "Previously Unknown Linux Backdoors" (Useful Distraction From CALEA and CALEA2)
FUD watch: In the trailing citations, all the following links are a form of FUD (Fear, Uncertainty, Doubt), fear-mongering, and dramatisation. We must contextualise those.
TODAY we belatedly catch up with FUD [1-12] (after spending a week with family). The articles below are probably not the end of it, but it's all we've found so far.
Some of these articles are pure FUD and some are barely accessible (or probably skippable, as an associate put it, for either reason). We don't want to comment on each of them individually but instead remind readers of ESET's collaborations with Microsoft. ESET habitually spreads anti-Linux 'studies' or 'research' at times that are strategic for Microsoft.
Looking at one "sample" of the FUD (a site not connected to Microsoft, unlike some of the sites below), the associate said: "Rootkits are not a big deal [and] if the article does not give a hint about delivery, it seems like mostly a FUD campaign."
I had noticed the same and sought a second opinion. They also misuse the term "backdoor" and try to imply that Linux itself has back doors.
Why now? What's the point of this?
Well, there are real back doors being exploited by China and they have nothing to do with "Linux". The media mentioned them a few days ago, but it blamed "China" instead of those who put the back doors in there. As the associate said, "there's no mention of the real culprit, CALEA and CALEA2."
So what we have are real issues - an abundance of back doors, including the ones in Microsoft's products. But instead the media talks about "Linux", citing an Estonian partner of Microsoft.
"The Microsoft Effect," as the associate put it, implies that "all computers are insecure at some level so stay with Microsoft even though there are drastic differences in the levels of insecurity between Microsoft and non-Microsoft systems."
In one of the pieces below, "Microsoft mouthpieces try to play it up," our associate concluded.
While it's unwise to give visibility or publicity to bad pieces, adding some context to them and framing them as FUD can hopefully help. █
Related/contextual items from the news:
-
Gelsemium APT Hackers Attacking Linux Servers With New WolfsBane Malware
A new Linux backdoor named WolfsBane has been recently uncovered by the ESET researchers, attributed to the Gelsemium advanced persistent threat (APT) group.
This discovery marks the first public report of Gelsemium using Linux malware, signaling a shift in their operational strategy. WolfsBane is identified as the Linux counterpart of Gelsevirine, a known Windows malware used by Gelsemium.
-
Researchers unearth two previously unknown Linux backdoors
ESET researchers have identified multiple samples of two previously unknown Linux backdoors: WolfsBane and FireWood.
-
Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor
The China-aligned advanced persistent threat (APT) actor known as Gelsemium has been observed using a new Linux backdoor dubbed WolfsBane as part of cyber attacks likely targeting East and Southeast Asia.
-
Unveiling WolfsBane: Gelsemium’s Linux counterpart to Gelsevirine
ESET researchers analyzed previously unknown Linux backdoors that are connected to known Windows malware used by the China-aligned Gelsemium group, and to Project Wood
-
Chinese APT Gelsemium Deploys 'Wolfsbane' Linux Variant
In a sign of the times, a backdoor malware whose ancestors date back to 2005 has morphed to target Linux systems.
Two well-documented Chinese backdoors have recently been modified to operate on Linux systems.
-
Chinese hackers target Linux with new WolfsBane malware
A new Linux backdoor called 'WolfsBane' has been discovered, believed to be a port of Windows malware used by the Chinese 'Gelsemium' hacking group.
-
China-linked hackers target Linux systems with new spying malware
The group deployed Linux backdoors in a campaign likely focused on Taiwan, the Philippines, and Singapore.
-
Chinese hackers exploit GNU/Linux with new WolfsBane malware
ESET researchers uncover "WolfsBane," a GNU/Linux backdoor linked to the China-based Gelsemium group.
-
Unmasking WolfsBane: Gelsemium’s New Linux Weapon
ESET researchers have uncovered WolfsBane, a Linux cyberespionage backdoor attributed with high confidence to the Gelsemium advanced persistent threat (APT) group. This discovery is a major development, as it is the first public report of Gelsemium deploying Linux malware.
-
Novel WolfsBane backdoor leveraged in Chinese attacks against Linux systems
Attacks with Wolfsbane — which is suspected to be a port of Gelsemium's Windows malware — commence with the deployment of the 'cron' dropper delivering the KDE desktop component-spoofing launcher, which deactivates SELinux and alters user configuration files before triggering the privacy malware component that has file operation, data theft, and system manipulation command support, an analysis from ESET revealed. Also discovered to be leveraged by Gelsemium in targeting Linux systems was the FireWood backdoor, which features shell command execution, file operation, and data exfiltration capabilities. However, such a tool may have been shared with other Chinese APTs. Mounting adoption of endpoint detection and response tools, as well as Microsoft's default deactivation of Visual Basic for Applications macros may have prompted increased utilization of Linux malware, according to ESET. "Consequently, threat actors are exploring new attack avenues, with a growing focus on exploiting vulnerabilities in internet-facing systems, most of which run on Linux," ESET added.
-
In Other News: Nvidia Fixes Critical Flaw, Chinese Linux Backdoor, New Details in WhatsApp-NSO Lawsuit
-
Linux devices hit with even more new malware, this time from Chinese hackers
Chinese hackers have built new all-in-one malware to target Linux devices, a new report from cybersecurity researchers at ESET has said.
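The SC Media excerpt above is the only one of these pieces that names observable behaviour (a cron-based dropper, a launcher that deactivates SELinux and edits user configuration files). The following is an added example, not code from the original post and not ESET's tooling: a small POSIX shell triage script that checks a host, or collected copies of its files, for those three behaviours. The heuristics (a cron entry launching from a hidden directory, /tmp or /dev/shm; SELinux set to disabled; dotfiles changed recently) are generic hunting checks, not WolfsBane signatures, and the sample artefacts built by make_sample_dir (file names, the /home/alice path, the crontab lines) are constructed for illustration only.

```shell
#!/bin/sh
# Added triage helpers. Each function takes the artefact to inspect as an
# argument so it can be pointed at a live host or at a forensic copy.
# Nothing here is a WolfsBane indicator from ESET; all paths are assumptions.

# Persistent SELinux mode recorded in an selinux config file.
# Prints "disabled", "permissive", "enforcing", "unset" or "missing".
selinux_config_state() {
    cfg="${1:-/etc/selinux/config}"
    if [ ! -r "$cfg" ]; then
        echo "missing"
        return 0
    fi
    val=$(sed -n 's/^[[:space:]]*SELINUX=\([A-Za-z]*\).*/\1/p' "$cfg" | tail -n 1)
    echo "${val:-unset}"
}

# Runtime SELinux mode on the live host, if the userspace tooling exists.
selinux_runtime_state() {
    if command -v getenforce >/dev/null 2>&1; then
        getenforce
    else
        echo "unknown"
    fi
}

# Print crontab lines (comments and blanks skipped) whose text points into a
# hidden directory, /tmp or /dev/shm. Heuristic: legitimate packages rarely
# persist from a dotdir under a home directory or from world-writable tmp.
# Exit status is 1 when nothing matches (grep semantics).
suspicious_cron_lines() {
    grep -v '^[[:space:]]*#' "$1" | grep -v '^[[:space:]]*$' \
        | grep -E '(/\.[^/[:space:]]+|/tmp/|/dev/shm/)'
}

# Count files under hidden entries of a home directory (up to three levels
# deep) modified in the last N minutes (default one day). Shell, editor and
# desktop configuration live here, which is what the excerpt says gets edited.
recent_dotfiles_count() {
    home="${1%/}"
    mins="${2:-1440}"
    find "$home" -maxdepth 3 -path "$home/.*" -type f -mmin "-$mins" \
        | wc -l | tr -d ' '
}

# Human-readable summary of the three checks.
triage_report() {
    echo "SELinux (config):  $(selinux_config_state "$1")"
    echo "SELinux (runtime): $(selinux_runtime_state)"
    echo "Suspicious cron entries:"
    suspicious_cron_lines "$2" | sed 's/^/  /'
    echo "Dotfiles changed in last $4 min: $(recent_dotfiles_count "$3" "$4")"
}

# Constructed sample artefacts in a temporary directory; prints its path.
# These file names and paths are invented for the demo, not real indicators.
make_sample_dir() {
    d=$(mktemp -d)
    printf 'SELINUX=disabled\nSELINUXTYPE=targeted\n' > "$d/selinux.conf"
    printf '# m h dom mon dow command\n' > "$d/crontab"
    printf '0 3 * * * /usr/bin/updatedb\n' >> "$d/crontab"
    printf '*/5 * * * * /home/alice/.cache/.x/run.sh\n' >> "$d/crontab"
    mkdir -p "$d/home/.config/app"
    printf 'export PATH=$PATH\n' > "$d/home/.profile"
    touch -t 202001010000 "$d/home/.profile"      # old, untouched dotfile
    printf 'exec=/home/alice/.cache/.x/run.sh\n' \
        > "$d/home/.config/app/autostart.conf"    # just written
    echo "$d"
}

# Usage on a live host:
#   triage_report /etc/selinux/config /var/spool/cron/crontabs/alice /home/alice 1440
# Usage against the constructed sample:
if [ "${1:-}" = "--demo" ]; then
    d=$(make_sample_dir)
    triage_report "$d/selinux.conf" "$d/crontab" "$d/home" 60
    rm -rf "$d"
fi
```

On a real host the script should be run once per user crontab (and over /etc/cron.d) and once per home directory; a single hit from any check is a lead to inspect by hand, not a verdict, which is the caveat missing from the articles that describe the behaviour without saying how the dropper arrives.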