fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Chinese State Hackers Target Linux Systems With New Malware

Chinese State Hackers Target Linux Systems With New Malware

Security researchers at Intezer have discovered a previously undocumented backdoor dubbed RedXORwith links to a Chinese-sponsored hacking group and used in ongoing attacks targeting Linux systems.

The RedXOR malware samples found by Intezer were uploaded to VirusTotal (12) from Taiwan and Indonesia (known targets for Chinese state hackers) and have low detection rates.

Based on command-and-control servers still being active, the Linux backdoor is being used in ongoing attacks targeting both Linux servers and endpoints.

RedXOR comes with a large set of capabilities, including executing commands with system privileges, managing files on infected Linux boxes, hiding its process using the Adore-ng open-source rootkit, proxying malicious traffic, remote updating, and more.

Also Read: The DNC Registry Singapore: 5 Things You Must Know

Links to Chinese Winnti malware

The new malware is believed to be a new malicious tool added to China’s Winnti umbrella threat group’s arsenal.

“Based on victimology, as well as similar components and Tactics, Techniques, and Procedures (TTPs), we believe RedXOR was developed by high profile Chinese threat actors,” Intezer said.

Intezer also found multiple connections between the RedXOR Linux backdoor and multiple malware strains linked to the Winnti state hackers, including the PWNLNX backdoor and the Groundhog and XOR.DDOS botnets.

Similarities discovered by the security researchers while comparing these malware strains include the use of:

  • old open-source kernel rootkits, 
  • identically named functions, 
  • XOR-encoded malicious traffic, 
  • comparable naming scheme for persistence services, 
  • compilation using legacy Red Hat compilers, 
  • very similar code flow and functionality, and more.

Who is Winnti?

Winnti is an umbrella term used to track a collective of state-backed hacking groups (BARIUM by Microsoft, APT41 by FireEye, Blackfly and Suckfly by Symantec, Wicked Panda by CrowdStrike) linked to Chinese government interests.

These APT groups share an arsenal of malicious tools used in cyberespionage and financially motivated attacks since at least 2011.

That is when Kaspersky researchers discovered Winnti’s Trojan malware on a massive number of compromised gaming systems following a supply chain attack that compromised a game’s official update server.

Kaspersky also revealed evidence connecting Winnti attack tactics and methods used in the compromise of ASUS’ LiveUpdate during Operation ShadowHammer to the ones employed in other supply-chain attacks, including NetSarang and CCleaner from 2017.

Also Read: How To Comply With PDPA: A Checklist For Businesses

APT groups increasingly target Linux users

The discovery of new is not at all surprising, taking into account the over 40% increase in new Linux malware found during 2020.

Nation-state hackers also focus more and more on targeting Linux systems, as highlighted by a 2020 Intezer report summarizing the last ten years of Linux APT attacks.

“In the previous decade researchers discovered several large APT campaigns targeting Linux systems, as well as unique Linux malware tools tailored for espionage operations,” Intezer said.

“Some of the most prominent nation-state actors are incorporating offensive Linux capabilities into their arsenal and it’s expected that both the number and sophistication of such attacks will increase over time.”

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us