Tag

Sprysocks

All articles tagged with #sprysocks

Emerging Linux Backdoors: Chinese Hackers Unleash Unprecedented Cyber Espionage Attacks

Originally Published 2 years ago — by Ars Technica

Source: Ars Technica

Chinese hackers linked to the APT10 group have developed a new Linux backdoor called SprySOCKS, which combines functions from the Windows backdoor Trochilus with a new Socket Secure (SOCKS) implementation. SprySOCKS allows the threat actors to collect system information, open remote shells, list network connections, and create a proxy for uploading files. The backdoor is currently under development, and it has been attributed to a threat actor known as Earth Lusca, which targets governments in Asia and is financially motivated. The same server hosting SprySOCKS also delivered the hacking tool Cobalt Strike and the malware Winnti.

SprySOCKS: The Latest Linux Malware Unleashing Cyber Espionage Attacks

Originally Published 2 years ago — by BleepingComputer

Source: BleepingComputer

Chinese hacker group Earth Lusca has been targeting government agencies worldwide with a new Linux backdoor called SprySOCKS. The malware, which originated from the Trochilus Windows malware, has been adapted for Linux systems and combines features from other malware. Earth Lusca exploits n-day vulnerabilities to gain initial access and deploys Cobalt Strike beacons for remote access. The SprySOCKS loader is dropped to establish persistence and perform various malicious activities, including collecting system information, starting an interactive shell, managing SOCKS proxy configurations, and conducting basic file operations. Organizations are advised to apply security updates to prevent compromise by Earth Lusca.