Close Menu
Indo Guard OnlineIndo Guard Online
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
What's Hot

Critical vulnerability in Anthropic MCP exposes machines for remote feats

July 1, 2025

Ta829 and Unk_greensec share tactics and infrastructure in current malware

July 1, 2025

A new drawback in the IDES as a Visual Studio code allows for malicious bypassing bypassing the verified status

July 1, 2025
Facebook X (Twitter) Instagram
Facebook X (Twitter) Instagram YouTube
Indo Guard OnlineIndo Guard Online
Subscribe
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
Indo Guard OnlineIndo Guard Online
Home » Chinese Gelsemium APT targets Linux systems with new WolfsBane backdoor
Global Security

Chinese Gelsemium APT targets Linux systems with new WolfsBane backdoor

AdminBy AdminNovember 21, 2024No Comments2 Mins Read
Chinese APT Gelsemium
Share
Facebook Twitter LinkedIn Pinterest Email Copy Link


November 21, 2024Ravi LakshmananCyber ​​espionage / malware

Chinese APT Gelsemium

A Chinese Advanced Persistent Threat (APT) actor known as Gelsemium A new Linux backdoor called WolfsBane has been spotted being used in cyberattacks likely targeting East and Southeast Asia.

That’s it findings from cybersecurity firm ESET based on multiple Linux samples uploaded to the VirusTotal platform from Taiwan, the Philippines, and Singapore in March 2023.

Cyber ​​security

WolfsBane was rated as a Linux version of the threat Gelsevirin backdoor, a Windows malware that was first introduced back in 2014. The company also discovered another previously undocumented implant called FireWood, which is linked to another malware toolkit known as Project Wood.

FireWood was attributed to Gelsemium with low confidence, given the possibility that it could be shared by several China-linked hacking teams.

“The purpose of the identified backdoors and tools is cyber espionage targeting sensitive data such as system information, user credentials, and specific files and directories,” ESET researcher Viktor Shperka said in a report shared by The Hacker News.

Chinese APT Gelsemium

“These tools are designed to maintain constant access and undetectable execution of commands, enabling sustained intelligence gathering while evading detection.”

The exact initial access path used by the threat actors is unknown, although it is suspected that the threat actors used an unknown web application vulnerability to compromise the persistent remote access web shell, using it to deliver the WolfsBane backdoor via a dropper.

Besides using modified open source code TYUK custom rootkit to hide its activity on a Linux host, it is able to execute commands received from a server controlled by the attacker. Similarly, FireWood uses a kernel driver rootkit module called usbdev.ko to hide processes and execute various commands issued by the server.

Cyber ​​security

The use of WolfsBane and FireWood is the first documented use of Gelsemium by Linux malware, indicating that targeting is expanding.

“There seems to be an increasing trend in the APT ecosystem to move malware towards Linux systems,” Sperka said. “From our perspective, this development can be attributed to some advances in email and endpoint security.”

“Continued EDR decisions, along with Microsoft’s default strategy of disabling VBA macros, results in a scenario where adversaries are forced to look for other potential avenues of attack.”

Did you find this article interesting? Follow us Twitter  and LinkedIn to read more exclusive content we publish.





Source link

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
Admin
  • Website

Related Posts

Critical vulnerability in Anthropic MCP exposes machines for remote feats

July 1, 2025

Ta829 and Unk_greensec share tactics and infrastructure in current malware

July 1, 2025

A new drawback in the IDES as a Visual Studio code allows for malicious bypassing bypassing the verified status

July 1, 2025

New Mattery Model for Browser Safety: Closing Risk in Last Mile

July 1, 2025

Google Patches Critical Lack of Zero Day in the V8 Chrome engine after active operation

July 1, 2025

US arrests in North Korean IT -Work scheme; Captures 29 domains and raids 21 laptops

July 1, 2025
Add A Comment
Leave A Reply Cancel Reply

Loading poll ...
Coming Soon
Do You Like Our Website
: {{ tsp_total }}

Subscribe to Updates

Get the latest security news from Indoguardonline.com

Latest Posts

Critical vulnerability in Anthropic MCP exposes machines for remote feats

July 1, 2025

Ta829 and Unk_greensec share tactics and infrastructure in current malware

July 1, 2025

A new drawback in the IDES as a Visual Studio code allows for malicious bypassing bypassing the verified status

July 1, 2025

New Mattery Model for Browser Safety: Closing Risk in Last Mile

July 1, 2025

Google Patches Critical Lack of Zero Day in the V8 Chrome engine after active operation

July 1, 2025

US arrests in North Korean IT -Work scheme; Captures 29 domains and raids 21 laptops

July 1, 2025

Microsoft Removes Password Management from Authenticator app since August 2025

July 1, 2025

American agencies warn of Iranian protection cyber growth, OT networks and critical infrastructure

June 30, 2025
About Us
About Us

Provide a constantly updating feed of the latest security news and developments specific to Indonesia.

Facebook X (Twitter) Pinterest YouTube WhatsApp
Our Picks

Critical vulnerability in Anthropic MCP exposes machines for remote feats

July 1, 2025

Ta829 and Unk_greensec share tactics and infrastructure in current malware

July 1, 2025

A new drawback in the IDES as a Visual Studio code allows for malicious bypassing bypassing the verified status

July 1, 2025
Most Popular

In Indonesia, crippling immigration ransomware breach sparks privacy crisis

July 6, 2024

Why Indonesia’s Data Breach Crisis Calls for Better Security

July 6, 2024

Indonesia’s plan to integrate 27,000 govt apps in one platform welcomed but data security concerns linger

July 6, 2024
© 2025 indoguardonline.com
  • Home
  • About us
  • Contact us
  • Privacy Policy

Type above and press Enter to search. Press Esc to cancel.