Linux Support Expands Cyber Spy Group’s Arsenal




A pervasive cyber-espionage group known as Iron Tiger, believed to be out of China, has updated one of its malware frameworks to attack Linux-based systems.

Researchers at Trend Micro recently found that Iron Tiger (aka Emissary Panda or APT27) had added new features to its so-called SysUpdate malware family, which allow it to infect Linux platforms in addition to Windows. SysUpdate abuses system services, grabs screenshots, browses and terminates processes, retrieves drive information, executes commands, and can find, delete, rename, upload, and download files as well as peruse a victim’s file directory.

One other new feature the firm found in the latest version of SysUpdate: command-and-control communications via DNS TXT requests. “While DNS is not supposed to be a communication protocol, the attacker abuses this protocol to send and receive data,” the researchers wrote in a blog post about their findings.
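
The following is an added example, not code from the article or from Trend Micro's report, showing one way a defender can hunt resolver logs for DNS TXT traffic that behaves like a data channel: many TXT lookups from one client to one parent domain, each with a long, random-looking, never-repeated leftmost label. The log format, thresholds, and sample lines are assumptions constructed for illustration; the article does not describe how SysUpdate encodes its queries.

```python
import math
from collections import defaultdict

# Constructed sample log (assumed format: "<client_ip> <qtype> <qname>").
SAMPLE_LOG = """\
10.0.0.5 A www.example.com
10.0.0.5 TXT _dmarc.example.com
10.0.0.7 TXT k3j9x0q2mz8vb1nw4ty6.cdn.example.net
10.0.0.7 TXT p7d1s5h8rq2lf0ga9ce3.cdn.example.net
10.0.0.7 TXT zu4m6x1tb8yo3kw5jn2v.cdn.example.net
10.0.0.7 TXT e9r2c7g0ah5ld3qs8fi1.cdn.example.net
10.0.0.9 TXT example.org
"""

def entropy(s):
    """Shannon entropy of a string, in bits per character."""
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def suspicious_txt_clients(log_text, min_queries=3, min_len=16, min_entropy=3.5):
    """Return {(client, parent_domain): unique_label_count} for TXT lookups
    whose leftmost label is long and high-entropy. Thresholds are assumed
    starting points and need tuning against a site's own baseline."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[1].upper() != "TXT":
            continue  # malformed line or not a TXT query
        client, _, qname = parts
        labels = qname.rstrip(".").lower().split(".")
        if len(labels) < 3:
            continue  # no subdomain label available to carry data
        first, parent = labels[0], ".".join(labels[1:])
        # Legitimate TXT lookups (SPF, DMARC, DKIM) use short, stable labels.
        if len(first) >= min_len and entropy(first) >= min_entropy:
            seen[(client, parent)].add(first)
    return {k: len(v) for k, v in seen.items() if len(v) >= min_queries}

if __name__ == "__main__":
    for (client, parent), n in suspicious_txt_clients(SAMPLE_LOG).items():
        print(f"{client} sent {n} unique high-entropy TXT queries to {parent}")
```
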

Iron Tiger was among a group of five cyber-espionage groups flagged in 2020 by BlackBerry as targeting Linux-based systems.
