
Just a sample of the Echomail archive

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

   LINUX      Torvalds farts & fans know what he ate      8,232 messages   


   Message 8,050 of 8,232   
   Mike Powell to All   
   Linux devices hit with ev   
   23 Nov 24 11:21:00   
   
   TZUTC: -0500   
   MSGID: 8371.fi-linux@1:2320/105 2ba75913   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
    * Originally in: TQW_GENTEC   
    * Originally on: 11-22-24 15:30   
    * Originally by: TechnologyDaily   
      
   Linux devices hit with even more new malware, this time from Chinese hackers   
      
   Date:   
   Fri, 22 Nov 2024 15:29:00 +0000   
      
   Description:   
   WolfsBane is an all-in-one malware solution hitting Linux systems, experts   
   warn.   
      
   FULL STORY   
      
   Chinese hackers have built new all-in-one malware to target Linux devices, a
   new report from cybersecurity researchers ESET has said.
      
   The WolfsBane malware features a dropper, launcher, a backdoor, and a    
   modified open-source rootkit for detection evasion. While not completely   
   outlandish, the approach is rather unconventional, since most hacking groups   
   will develop just one of these features, and use other people's solutions for
   the rest.    
      
   That being said, WolfsBane's key ability is to grant its operators total
   control over the compromised system. It can execute commands coming in from   
   the C2 server, exfiltrate data, and ultimately - manipulate the system.   
      
   Gelsemium is active    
      
   ESET doesn't know for certain how the attackers accessed the target systems to
   deploy the malware in the first place, but assesses with medium confidence   
   that the group exploited an unknown web application vulnerability.    
      
   The group, in this instance, is called Gelsemium, suggesting that it has at   
   least one herbalist in its ranks. It is a relatively known Chinese group,
   active since at least 2014. It mostly targets government institutions,   
   educational organizations, electronics manufacturers, and religious   
   institutions. The majority of its victims are located in East Asia and the   
   Middle East.
      
   ESET also suggests that the group decided to target Linux since Windows   
   defenses have been getting better lately.    
      
   "The trend of APT groups focusing on Linux malware is becoming more
   noticeable," ESET said.

   "We believe this shift is due to improvements in Windows email and endpoint
   security, such as the widespread use of endpoint detection and response (EDR)   
   tools and Microsoft's decision to disable Visual Basic for Applications (VBA)   
   macros by default. Consequently, threat actors are exploring new attack   
   avenues, with a growing focus on exploiting vulnerabilities in    
   internet-facing systems, most of which run on Linux."    
      
    Via BleepingComputer   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/linux-devices-hit-with-even-more-new-malware-this-time-from-chinese-hackers
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
      
