
Just a sample of the Echomail archive

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

   LINUX      Torvalds farts & fans know what he ate      8,232 messages   


   Message 8,051 of 8,232   
   Ed Vance to Mike Powell   
   Linux devices hit with ev   
   27 Nov 24 15:52:14   
   
   TZUTC: -0500   
   MSGID: 8372.fi-linux@1:2320/105 2bacdd32   
   REPLY: 8371.fi-linux@1:2320/105 2ba75913   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
      
   >  * Originally in: TQW_GENTEC   
   >  * Originally on: 11-22-24 15:30   
   >  * Originally by: TechnologyDaily   
      
   > Linux devices hit with even more new malware, this time from Chinese hackers   
      
   > Date:   
   > Fri, 22 Nov 2024 15:29:00 +0000   
      
   > Description:   
   > WolfsBane is an all-in-one malware solution hitting Linux systems, experts   
   > warn.   
      
   > FULL STORY   
      
   > Chinese hackers have built new all-in-one malware to target Linux devices, a   
   > new report from cybersecurity researchers ESET, have said.
      
   > The WolfsBane malware features a dropper, launcher, a backdoor, and a   
   > modified open-source rootkit for detection evasion. While not completely   
   > outlandish, the approach is rather unconventional, since most hacking groups   
   > will develop just one of these features, and use other people's solutions for
   > the rest.    
      
   > That being said, WolfsBane's key ability is to grant its operators total
   > control over the compromised system. It can execute commands coming in from   
   > the C2 server, exfiltrate data, and ultimately - manipulate the system.   
      
   > Gelsemium is active    
      
   > ESET doesn't know for certain how the attackers accessed the target systems to
   > deploy the malware in the first place, but assesses with medium confidence   
   > that the group exploited an unknown web application vulnerability.    
      
   > The group, in this instance, is called Gelsemium, suggesting that it has at   
   > least one herbalist in its ranks. It is a relatively known Chinese group,
   > active since at least 2014. It mostly targets government institutions,   
   > educational organizations, electronics manufacturers, and religious   
   > institutions. The majority of its victims are located in East Asia and the   
   > Middle East.
      
   > ESET also suggests that the group decided to target Linux since Windows   
   > defenses have been getting better lately.    
      
   > "The trend of APT groups focusing on Linux malware is becoming more
   > noticeable," ESET said.

   > "We believe this shift is due to improvements in Windows email and endpoint
   > security, such as the widespread use of endpoint detection and response (EDR)   
   > tools and Microsoft's decision to disable Visual Basic for Applications (VBA)   
   > macros by default. Consequently, threat actors are exploring new attack   
   > avenues, with a growing focus on exploiting vulnerabilities in    
   > internet-facing systems, most of which run on Linux."    
      
   >  Via BleepingComputer   
      
   > ======================================================================   
   > Link to news story:
   > https://www.techradar.com/pro/security/linux-devices-hit-with-even-more-new-malware-this-time-from-chinese-hackers
      
   > $$   
      
      
   Another good to read article.   
   Thanks Mike.   
   Ed   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
      



(c) 1994,  bbs@darkrealms.ca