Fred Stluka via plug on 29 Mar 2021 06:05:22 -0700
Re: [PLUG] Chinese state hackers - new linux malware
Brent,

Yeah, egress filtering is a good idea. Thanks!

C2C? I googled it. Found:
- Customer to Customer -- Like B2B (Business to Business)
- Cam to Cam -- Modern lingo about webcam chats
- Corp to Corp -- 1099's like I use with my clients
- Consumer to Consumer -- like the Uber business model
- etc.

I'm not sure you meant any of these. Other?

Digging a little deeper I found:
- C&C -- Command And Control infrastructure
- Comply to Connect -- software to ensure compliance (control and identity) of devices trying to connect

Am I getting close?

Thanks!
--Fred

------------------------------------------------------------------------
Fred Stluka -- http://bristle.com -- Glad to be of service!
Open Source: Without walls and fences, we need no Windows or Gates.
------------------------------------------------------------------------

On 3/24/21 4:52 PM, brent saner via plug wrote:
> From what I was able to find, an infection doesn't even profile the host system until it reaches a box in the C2C pool.
>
> Use strict egress filtering and you should be fine until detection/cleanup methods are developed/published.
>
> sent from my toaster.
>
> On Wed, Mar 24, 2021, 15:59 Fred Stluka via plug <plug@lists.phillylinux.org> wrote:
>> Jeff,
>>
>> Any idea how this attack gets into a Linux server? Or is it only a threat once it has broken in through some other exploit?
>>
>> Also, any easy way to scan a system to see if it's there?
>>
>> I didn't see answers to these questions at the link you posted, and didn't easily google answers either.
>>
>> Thanks!
>> --Fred
>>
>> ------------------------------------------------------------------------
>> Fred Stluka -- http://bristle.com -- Glad to be of service!
>> Open Source: Without walls and fences, we need no Windows or Gates.
>> ------------------------------------------------------------------------
>>
>> On 3/11/21 2:37 PM, jeffv via plug wrote:
>>> https://www.bleepingcomputer.com/news/security/chinese-state-hackers-target-linux-systems-with-new-malware/
>>>
>>> Security researchers at Intezer have discovered a previously undocumented backdoor dubbed RedXOR, with links to a Chinese-sponsored hacking group and used in ongoing attacks targeting Linux systems.
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
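The "strict egress filtering" Brent recommends, made concrete as an added example (this is editor-supplied code, not anything posted by Brent, Fred or jeffv, and it says nothing about how RedXOR itself behaves). It generates a default-deny nftables output chain that lets a server reach only a named DNS resolver and an explicit forward proxy, logs every other new outbound connection with a fixed prefix, and then shows how to count those log lines by destination, which is the cheap way to notice a box that keeps trying to phone home once the door is shut. The resolver and proxy addresses (192.0.2.53, 192.0.2.8:3128) and the sample kernel log lines are constructed placeholders; applying the ruleset needs root and the `nft` binary.

```shell
#!/bin/sh
# Added example, not from the PLUG thread: default-deny egress for a Linux
# server with nftables, plus a parser for the drop log it produces.
# All addresses below are assumed placeholders from the RFC 5737 ranges.

# Emit an nftables ruleset for the 'inet' family (covers IPv4 and IPv6).
# Policy is drop, so anything not listed, including direct HTTPS to an
# arbitrary host, gets no path out. Allowed:
#   - loopback
#   - packets belonging to connections that already exist (so inbound
#     SSH/HTTP sessions still get their replies)
#   - DNS to one named resolver
#   - HTTP/HTTPS only through one explicit forward proxy
# Every other new connection is logged (rate limited) before the policy
# drops it.
egress_ruleset() {
    resolver="$1"; proxy="$2"; proxy_port="$3"
    cat <<EOF
table inet egress {
    chain output {
        type filter hook output priority 0; policy drop;
        oifname "lo" accept
        ct state established,related accept
        ip daddr $resolver udp dport 53 accept
        ip daddr $resolver tcp dport 53 accept
        ip daddr $proxy tcp dport $proxy_port accept
        ct state new limit rate 10/second log prefix "EGRESS-DROP " counter
    }
}
EOF
}

# Load the ruleset (requires root and nftables). Run it from a console or
# with a watchdog that flushes the table, because a typo here can also cut
# off the SSH session's DNS or package mirror reach.
apply_egress() {
    egress_ruleset "$1" "$2" "$3" | nft -f -
}

# Read kernel log lines on stdin and count dropped new connections per
# destination host:port, most frequent first. A single destination that
# is hit every N minutes from a server that has no business talking to it
# is exactly the beaconing pattern egress filtering is meant to expose.
count_blocked_dests() {
    awk '
        /EGRESS-DROP/ {
            dst = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^DST=/) dst = substr($i, 5)
                else if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            if (dst != "") hits[dst ":" dpt]++
        }
        END { for (k in hits) printf "%d %s\n", hits[k], k }
    ' | sort -rn
}

# Constructed sample of what the kernel writes for the log statement above
# (fields trimmed for brevity; real lines carry TTL, ID, WINDOW and so on).
SAMPLE_LOG='Mar 29 06:05:22 web1 kernel: EGRESS-DROP IN= OUT=eth0 SRC=10.0.0.5 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=51234 DPT=443 SYN
Mar 29 06:06:22 web1 kernel: EGRESS-DROP IN= OUT=eth0 SRC=10.0.0.5 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=51240 DPT=443 SYN
Mar 29 06:07:22 web1 kernel: EGRESS-DROP IN= OUT=eth0 SRC=10.0.0.5 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=51251 DPT=443 SYN
Mar 29 06:07:30 web1 kernel: EGRESS-DROP IN= OUT=eth0 SRC=10.0.0.5 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=40022 DPT=22 SYN
Mar 29 06:08:00 web1 kernel: some unrelated message'

# Stand-alone demo: print the ruleset, then the drop summary for the sample.
egress_ruleset 192.0.2.53 192.0.2.8 3128
printf '%s\n' "$SAMPLE_LOG" | count_blocked_dests
```

On a live box the summary comes from `journalctl -k | count_blocked_dests` (or `dmesg`); a destination that shows up at a steady interval from a host that has no legitimate reason to reach it is the lead to chase, and it is visible without knowing any indicator for the specific malware. The ruleset is deliberately narrow: the resolver line means a backdoor cannot use an arbitrary DNS server for its own lookups, and the proxy line means outbound web traffic leaves a proxy log even when the server itself is compromised.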