Michael Lazin via plug on 24 Mar 2021 13:41:54 -0700


Re: [PLUG] Chinese state hackers - new linux malware


Usually, the first targets are web servers.  This is for two reasons.  Internet-facing servers are obviously outside the DMZ and open to attacks.  Internal web servers can be targets if they are already inside because they are easy launching pads for launching internal to internal attacks to make a lateral movement.  Web exploits are common. 

Michael Lazin

.. τὸ γὰρ αὐτὸ νοεῖν ἐστίν τε καὶ εἶναι.


On Wed, Mar 24, 2021 at 3:59 PM Fred Stluka via plug <plug@lists.phillylinux.org> wrote:
Jeff,

Any idea how this attack gets in to a Linux server?  Or is it only
a threat once it has broken in through some other exploit?  Also,
any easy way to scan a system to see if it's there?  I didn't see
answers to these questions at the link you posted, and didn't
easily google answers either.

Thanks!
--Fred
------------------------------------------------------------------------
Fred Stluka -- http://bristle.com -- Glad to be of service!
Open Source: Without walls and fences, we need no Windows or Gates.
------------------------------------------------------------------------

On 3/11/21 2:37 PM, jeffv via plug wrote:
> https://www.bleepingcomputer.com/news/security/chinese-state-hackers-target-linux-systems-with-new-malware/
>
>
> Security researchers at Intezer have discovered a previously
> undocumented backdoor dubbed RedXOR, with links to a Chinese-sponsored
> hacking group and used in ongoing attacks targeting Linux systems.
>
> ___________________________________________________________________________
>
> Philadelphia Linux Users Group         -- http://www.phillylinux.org
> Announcements -
> http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion  -- http://lists.phillylinux.org/mailman/listinfo/plug

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug