Many organizations choose the Linux operating system for their strategically important servers and systems, not least because it is considered more secure and less exposed to cyber threats than Windows. This holds for mass malware attacks, but not for advanced persistent threats (APT). Experts from Kaspersky have recently observed a trend of more and more cybercriminals targeting Linux systems and, at the same time, developing tools focused on this operating system.
"Over the past eight years, experts have noted about a dozen APT cybercriminals or groups using Linux-targeted malware or similar modules. These include notorious groups such as Barium, Sofacy, Lamberts, Equation or the recent LightSpy campaigns from TwoSail Junk and WellMess. Thanks to the diversification of their arsenal and its extension to Linux tools, cybercriminals are able to carry out their malicious activities more efficiently and with greater reach," Kaspersky writes in its report.
Many large corporations across all continents have increasingly adopted Linux in recent years as the main operating system on their computers. The same trend applies to government computers, which is why threats targeting this platform are becoming more common. The myth that hackers are very unlikely to attack Linux because of its low popularity only leaves room for further cyber threats.
Although targeted attacks on Linux are still a rarity, malware designed for this type of attack exists, including webshells, backdoors, rootkits, and even customized exploits. In addition, a successful Linux infection often has far-reaching consequences, with hackers having access not only to the infected device, but also to devices running Windows or macOS.
For example, the Russian-speaking group Turla, known for its covert exfiltration tactics, has significantly changed its toolset, including Linux backdoors, over the years. The new version of the Penguin_x64 Linux backdoor, first detected this year, had infected dozens of servers in Europe and the USA by July, according to Kaspersky's telemetry.
Another example is the Korean-speaking group Lazarus, which also continues to diversify its tools and develop malware targeting non-Windows operating systems. Kaspersky recently reported on the cross-platform MATA framework, analyzing new samples from July related to the "Operation AppleJeus" and "TangoDaiwbo" campaigns used in financial and espionage attacks. The analyzed samples included Linux malware.