ESET researchers analyzed a new Linux backdoor, which they named “WolfsBane”, and believe it is the work of the Chinese ‘Gelsemium’ APT group, a group previously known for its Windows malware.
Additionally, the researchers unveiled another Linux malware called ‘FireWood’, which they linked to the Project Wood Windows malware.
Both malware families are designed for cyberespionage and target sensitive data, including system information, user data, and specific files and manuals. The researchers consider that FireWood could be a tool shared among various Chinese APT groups.
ESET researcher Viktor Šperka said in his blog post:
“The trend of APT groups focusing on Linux malware is becoming more noticeable. We believe this shift is due to improvements in Windows email and endpoint security, such as the widespread use of endpoint detection and response (EDR) tools and Microsoft’s decision to disable Visual Basic for Applications (VBA) macros by default. Consequently, threat actors are exploring new attack avenues, with a growing focus on exploiting vulnerabilities in internet-facing systems, most of which run on Linux.”
The following similarities link the Linux malware “WolfsBane” to the Windows malware Gelsevirine, which indicates that WolfsBane belongs to the Gelsemium APT group. (Cybersecurity news outlets covered these key features.)
Furthermore, the researchers attribute FireWood to Project Wood based on the following key features.
The WolfsBane malware operates in three stages: a dropper, a launcher, and the backdoor itself. Details of Gelsemium’s latest campaigns are available on this GitHub repository.