Linux Kernel Security Update Advisory
Overview: We have released a security update to address a vulnerability in the Linux kernel. Affected product users are advised to update to the latest version.
Affected Products: CVE-2024-53197, CVE-2024-53150
Linux Kernel Versions: 4.19.325 and earlier
Linux Kernel Version: 5.4.287 and earlier
Linux Kernel Version: 5.10.231 and
cShell DDoS Bot Attack Case Targeting Linux SSH Server (screen and hping3)
AhnLab SEcurity intelligence Center (ASEC) monitors attacks against poorly managed Linux servers using multiple honeypots. Among the prominent honeypots are SSH services using weak credential information, which are targeted by numerous DDoS and CoinMiner threat actors. ASEC recently identified a new DDoS malware strain targeting Linux servers while monitoring numerous
BPFDoor Linux Malware Detected by AhnLab EDR
BPFDoor is a backdoor using the Berkeley Packet Filter (BPF), first revealed through a threat report by PWC in 2021 [1]. According to the report, the China-based threat actor Red Menshen has been using BPFDoor for several years in attacks targeting the Middle East and Asia regions, with its source
Linux Persistence Techniques Detected by AhnLab EDR (1)
Persistence techniques refer to methods employed by threat actors to maintain a connection to the target system after infiltration. As a single breach may not be enough to achieve all their goals, threat actors look for ways to re-access the system. Persistence can be maintained by configuring the malware to
Linux Kernel Security Update Advisory
Overview: An update has been made available to address a vulnerability in the Linux Kernel....
Linux Defense Evasion Techniques Detected by AhnLab EDR (2)
The blog post “Linux Defense Evasion Techniques Detected by AhnLab EDR (1)” [1] covered methods where the threat actors and malware strains attacked Linux servers before incapacitating security services such as firewalls and security modules and then concealing the installed malware. This post will cover additional defense evasion techniques against
Analysis of Pupy RAT Used in Attacks Against Linux Systems
Pupy is a RAT malware strain that offers cross-platform support. Because it is an open-source program published on GitHub, it is continuously being used by various threat actors including APT groups. For example, it is known to have been used by APT35 (said to have ties to Iran) [1] and
Statistical Report on Malware Targeting Linux SSH Servers in Q1 2024
Overview: AhnLab SEcurity intelligence Center (ASEC) uses honeypots to respond to and categorize brute force or dictionary attacks targeting poorly managed Linux SSH servers. This report will cover the status of attack sources identified in the first quarter of 2024 based on logs, as well as statistics on attacks
Analysis of Nood RAT Used in Attacks Against Linux (Gh0st RAT’s Variant)
AhnLab SEcurity intelligence Center (ASEC) recently discovered that Nood RAT is being used in malware attacks. Nood RAT is a variant of Gh0st RAT that works on Linux. Although Gh0st RAT for Linux is less common than Gh0st RAT for Windows, the cases of Gh0st RAT for
BlueShell Used in Attacks Against Linux Systems in Korea (2)
AhnLab SEcurity intelligence Center (ASEC) previously uploaded the article “BlueShell Used in APT Attacks Against Korean and Thai Targets” [1] on the ASEC blog which introduced BlueShell malware strains that were used against Linux systems in Thailand and Korea. The threat actor customized the BlueShell backdoor malware for their attack, and