Tag

Gelsemium

All articles tagged with #gelsemium

cybersecurity | 1 year ago

Chinese APT Gelsemium Unleashes WolfsBane Malware on Linux Systems

ESET researchers have discovered a new Linux backdoor named WolfsBane, attributed to the Gelsemium APT group, marking the first known use of Linux malware by this China-aligned threat actor. WolfsBane is the Linux counterpart to the Windows-based Gelsevirine backdoor, used for cyberespionage. Another backdoor, FireWood, was also found but is only tentatively linked to Gelsemium. This shift towards Linux malware by APT groups is attributed to enhanced security measures on Windows systems, prompting attackers to target vulnerabilities in Linux-based internet-facing systems.