Emerging Linux Backdoors: Chinese Hackers Unleash Unprecedented Cyber Espionage Attacks

Source: Ars Technica
TL;DR Summary

Chinese hackers linked to the APT10 group have developed a new Linux backdoor called SprySOCKS, which combines functions from the Windows backdoor Trochilus with a new Socket Secure (SOCKS) implementation. SprySOCKS allows the threat actors to collect system information, open remote shells, list network connections, and create a proxy for uploading files. The backdoor is currently under development, and it has been attributed to a threat actor known as Earth Lusca, which targets governments in Asia and is financially motivated. The same server hosting SprySOCKS also delivered the hacking tool Cobalt Strike and the malware Winnti.
