ESET Finds Rootkits, Does Not Explain How They Get Installed, Media Says It Means "Previously Unknown Linux Backdoors" (Useful Distraction From CALEA and CALEA2)

posted by Roy Schestowitz on Nov 24, 2024

FUD watch: all of the links in the trailing citations below are a form of FUD (Fear, Uncertainty, Doubt), fear-mongering, and dramatisation. We must contextualise them.

Microsoft and ESET

TODAY we belatedly catch up with FUD [1-12] (after spending a week with family). The articles below are probably not the end of it, but it's all we've found so far.

Some of these articles are pure FUD and barely accessible (or, as an associate said, probably skippable for either of those reasons). We don't want to comment on each of them individually but instead remind people of ESET's collaborations with Microsoft. ESET habitually spreads anti-Linux 'studies' or 'research' at times that are strategic for Microsoft.

Looking at one "sample" of the FUD (a site not connected to Microsoft, unlike some of the sites below), the associate said: "Rootkits are not a big deal [and] if the article does not give a hint about delivery. It seems like mostly a FUD campaign."

I had noticed the same and sought a second opinion. They also misuse the term "backdoor" and try to imply that Linux itself has back doors.

Why now? What's the point of this?

Well, there are real back doors being exploited by China and they have nothing to do with "Linux". The media mentioned them a few days ago, but it blamed "China" instead of those who put the back doors in there. As the associate said, "there's no mention of the real culprit, CALEA and CALEA2."

So what we have are real issues - an abundance of back doors, including the ones in Microsoft's products. But instead the media talks about "Linux", citing an Estonian partner of Microsoft.

"The Microsoft Effect," as the associate put it, implies that "all computers are insecure at some level so stay with Microsoft even though there are drastic differences in the levels of insecurity between Microsoft and non-Microsoft systems."

In one of the pieces below, "Microsoft mouthpieces try to play it up," our associate concluded.

While it's unwise to give visibility or publicity to bad pieces, adding some context to them and framing them as FUD can hopefully help.

Related/contextual items from the news:

  1. Gelsemium APT Hackers Attacking Linux Servers With New WolfsBane Malware

    A new Linux backdoor named WolfsBane has been recently uncovered by the ESET researchers, attributed to the Gelsemium advanced persistent threat (APT) group.

    This discovery marks the first public report of Gelsemium using Linux malware, signaling a shift in their operational strategy. WolfsBane is identified as the Linux counterpart of Gelsevirine, a known Windows malware used by Gelsemium.

  2. Researchers unearth two previously unknown Linux backdoors

    ESET researchers have identified multiple samples of two previously unknown Linux backdoors: WolfsBane and FireWood.

  3. Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor

    The China-aligned advanced persistent threat (APT) actor known as Gelsemium has been observed using a new Linux backdoor dubbed WolfsBane as part of cyber attacks likely targeting East and Southeast Asia.

  4. Unveiling WolfsBane: Gelsemium’s Linux counterpart to Gelsevirine

    ESET researchers analyzed previously unknown Linux backdoors that are connected to known Windows malware used by the China-aligned Gelsemium group, and to Project Wood

  5. Chinese APT Gelsemium Deploys 'Wolfsbane' Linux Variant

    In a sign of the times, a backdoor malware whose ancestors date back to 2005 has morphed to target Linux systems.

    Two well-documented Chinese backdoors have recently been modified to operate on Linux systems.

  6. Chinese hackers target Linux with new WolfsBane malware

    A new Linux backdoor called 'WolfsBane' has been discovered, believed to be a port of Windows malware used by the Chinese 'Gelsemium' hacking group.

  7. China-linked hackers target Linux systems with new spying malware

    The group deployed Linux backdoors in a campaign likely focused on Taiwan, the Philippines, and Singapore.

  8. Chinese hackers exploit GNU/Linux with new WolfsBane malware

    ESET researchers uncover "WolfsBane," a GNU/Linux backdoor linked to the China-based Gelsemium group.

  9. Unmasking WolfsBane: Gelsemium’s New Linux Weapon

    ESET researchers have uncovered WolfsBane, a Linux cyberespionage backdoor attributed with high confidence to the Gelsemium advanced persistent threat (APT) group. This discovery is a major development, as it is the first public report of Gelsemium deploying Linux malware.

  10. Novel WolfsBane backdoor leveraged in Chinese attacks against Linux systems

    Attacks with Wolfsbane — which is suspected to be a port of Gelsemium's Windows malware — commence with the deployment of the 'cron' dropper delivering the KDE desktop component-spoofing launcher, which deactivates SELinux and alters user configuration files before triggering the privacy malware component that has file operation, data theft, and system manipulation command support, an analysis from ESET revealed. Also discovered to be leveraged by Gelsemium in targeting Linux systems was the FireWood backdoor, which features shell command execution, file operation, and data exfiltration capabilities. However, such a tool may have been shared with other Chinese APTs. Mounting adoption of endpoint detection and response tools, as well as Microsoft's default deactivation of Visual Basic for Applications macros may have prompted increased utilization of Linux malware, according to ESET. "Consequently, threat actors are exploring new attack avenues, with a growing focus on exploiting vulnerabilities in internet-facing systems, most of which run on Linux," ESET added.

  11. In Other News: Nvidia Fixes Critical Flaw, Chinese Linux Backdoor, New Details in WhatsApp-NSO Lawsuit

  12. Linux devices hit with even more new malware, this time from Chinese hackers

    Chinese hackers have built new all-in-one malware to target Linux devices, a new report from cybersecurity researchers ESET, have said.
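Item 10 above is the only excerpt that describes the chain itself (a cron dropper, a launcher named to look like a KDE desktop component, SELinux switched off, user configuration files edited). The script below is an added example written for this post, not code from ESET or from any of the cited articles: it runs those three behavioural checks over constructed sample files (the paths, user name and file contents are invented for illustration, and none of the strings are real indicators).

```python
"""Host triage for the WolfsBane-style behaviours summarised in item 10:
SELinux not enforcing, a cron job running a desktop-component-named binary
from a user-writable path, and a shell rc file sourcing a hidden-directory
file. All sample inputs below are constructed, not real indicators."""
import re

# Constructed /etc/selinux/config after tampering
SELINUX_CONFIG = """# This file controls the state of SELinux on the system.
SELINUX=disabled
SELINUXTYPE=targeted
"""

# Constructed crontab: one benign line, one matching the described launcher
CRONTAB = """0 3 * * * /usr/bin/updatedb
@reboot /home/alice/.config/kde/kde-daemon >/dev/null 2>&1
"""

# Constructed ~/.bashrc with an appended line sourcing a hidden path
BASHRC = """export PATH=$HOME/bin:$PATH
. /home/alice/.config/kde/.profile
"""

USER_WRITABLE = re.compile(r"^(/home/|/tmp/|/var/tmp/|/dev/shm/)")
DESKTOP_NAMES = re.compile(r"(kde|plasma|gnome|xfce)", re.IGNORECASE)

def selinux_mode(text):
    """Return the SELINUX= value from the config text (None if absent)."""
    m = re.search(r"^\s*SELINUX=(\w+)", text, re.MULTILINE)
    return m.group(1).lower() if m else None

def suspicious_cron(text):
    """Cron lines whose command is a desktop-named file in a user-writable path."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # @reboot-style entries have the command in field 1, others in field 5
        idx = 1 if fields[0].startswith("@") else 5
        cmd = fields[idx] if len(fields) > idx else ""
        if USER_WRITABLE.match(cmd) and DESKTOP_NAMES.search(cmd):
            hits.append(line)
    return hits

def sourced_hidden_paths(text):
    """Paths sourced by a shell rc file that live under a hidden directory."""
    pat = re.compile(r"^\s*(?:\.|source)\s+(\S*/\.[^/\s]+/\S+)")
    return [m.group(1) for m in map(pat.match, text.splitlines()) if m]

def triage(selinux_cfg, crontab, bashrc):
    """Combine the three checks into a list of finding strings."""
    findings = []
    if selinux_mode(selinux_cfg) in ("disabled", "permissive"):
        findings.append("selinux_not_enforcing")
    findings += ["cron:" + l for l in suspicious_cron(crontab)]
    findings += ["rc:" + p for p in sourced_hidden_paths(bashrc)]
    return findings
```

On a real host the three inputs would be read from /etc/selinux/config, the system and per-user crontabs, and each user's shell rc files; a hit is a lead for investigation, not proof of compromise.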
