Tag

Linux Backdoor

All articles tagged with #linux backdoor

Unveiling the XZ Utils Linux Backdoor Mastermind, 'Jia Tan'
cybersecurity, 1 year ago

Security experts are investigating the identity of "Jia Tan," the coder responsible for the XZ Utils Linux backdoor, suspecting that they may not have acted alone due to the backdoor's sophisticated design and long-term plan. Research suggests that Tan's uploads were linked to China's time zone, with some occurring during notable Chinese holidays, raising questions about their potential connections and motives.

Emerging Linux Backdoors: Chinese Hackers Unleash Unprecedented Cyber Espionage Attacks
cybersecurity, 2 years ago

Chinese hackers linked to the APT10 group have developed a new Linux backdoor called SprySOCKS, which combines functions from the Windows backdoor Trochilus with a new Socket Secure (SOCKS) implementation. SprySOCKS allows the threat actors to collect system information, open remote shells, list network connections, and create a proxy for uploading files. The backdoor is currently under development, and it has been attributed to a threat actor known as Earth Lusca, which targets governments in Asia and is financially motivated. The same server hosting SprySOCKS also delivered the hacking tool Cobalt Strike and the malware Winnti.