Hackers have long been attacking and exploiting numerous Linux servers to steal data and intellectual property. This was discovered by BlackBerry, which says the hacking group behind it could be Chinese state-backed. They first scan for unpatched, vulnerable servers, then exploit them to exfiltrate data and plant backdoors for later use.
Since 2012!
Researchers at BlackBerry uncovered a large new hacking campaign that has been running since 2012. The actors behind it are linked to Chinese state-backed groups, as they use the Winnti malware. Winnti was used back in the 2010s by Chinese groups such as APT17 to steal corporate secrets and sensitive data, which can help them clone the original products at cheaper prices.
Researchers say the group has stayed in the dark since the early 2010s, as the tool traces it left behind date back to 2012. The malware tools it uses are not particularly sophisticated by today's standards. Further, the group found it easy to get into those unpatched servers and did not even update its tools after deploying them. The main servers targeted by these hackers were those based on Red Hat Enterprise Linux, Ubuntu or CentOS.
But Why Linux?
Linux is not much of a consumer-facing product. It is raw and used mostly by professionals to build things, rather than for everyday office work, gaming or streaming movies. The people using Linux would most probably be professionals. For all these reasons, security companies do not concentrate much on Linux. And if there are no tightened security solutions in place, it is easy to find a way in and sneak through.
Unlike Windows, which gets regular updates and constant monitoring by antivirus software, servers are not watched that closely. Any traffic passing in and out is likely to be considered normal, even if it is data being exfiltrated to the hackers' C2 server. In the end, the researchers recommended the good old solution of applying patches whenever possible and checking periodically for any suspicious activity.
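The "check periodically for suspicious activity" advice above is vague in practice; one concrete form of it is comparing a server's live TCP connections against a baseline of what the host is expected to do. The script below is an added example, not code from the article or from BlackBerry's research. It parses lines in the style of `ss -tnp` output (the iproute2 socket tool on Linux), treats connections on non-served local ports as outbound, and flags any outbound connection whose peer is outside the allowed networks or whose owning process is not expected to connect out. The sample lines, the host baseline (served ports, allowed networks, expected processes) and the process name `libupd` are all constructed for this example and are not indicators from the campaign.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the style of `ss -tnp` output; hosts use RFC 5737
# documentation addresses and the process names are hypothetical.
SAMPLE_SS_OUTPUT = """\
ESTAB 0 0 10.0.0.5:443 203.0.113.10:51514 users:(("nginx",pid=1201,fd=12))
ESTAB 0 0 10.0.0.5:22 198.51.100.7:40022 users:(("sshd",pid=870,fd=4))
ESTAB 0 0 10.0.0.5:53140 192.0.2.44:443 users:(("libupd",pid=4711,fd=3))
ESTAB 0 0 10.0.0.5:41002 10.0.0.9:5432 users:(("postgres",pid=990,fd=8))
ESTAB 0 0 10.0.0.5:47210 192.0.2.44:8080 users:(("libupd",pid=4711,fd=5))
"""

# Assumed baseline for this hypothetical host: the ports it serves, the
# networks it is allowed to talk to, and the processes expected to connect out.
SERVED_PORTS = {22, 443}
ALLOWED_NETS = [ipaddress.ip_network("10.0.0.0/8")]
EXPECTED_OUTBOUND_PROCS = {"postgres"}

# IPv4-only parser for the common `ss -tnp` line shape; IPv6 lines are skipped.
LINE_RE = re.compile(
    r'^(?P<state>\S+)\s+\d+\s+\d+\s+'
    r'(?P<lip>[\d.]+):(?P<lport>\d+)\s+'
    r'(?P<pip>[\d.]+):(?P<pport>\d+)\s+'
    r'users:\(\("(?P<proc>[^"]+)",pid=(?P<pid>\d+)'
)


@dataclass
class Connection:
    state: str
    local_ip: str
    local_port: int
    peer_ip: str
    peer_port: int
    proc: str
    pid: int


def parse_ss_line(line: str) -> Optional[Connection]:
    """Parse one IPv4 `ss -tnp` line; returns None for the header or unmatched lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Connection(m["state"], m["lip"], int(m["lport"]),
                      m["pip"], int(m["pport"]), m["proc"], int(m["pid"]))


def is_outbound(conn: Connection) -> bool:
    """A connection is outbound when the local side is an ephemeral port, not a served one."""
    return conn.local_port not in SERVED_PORTS


def assess(conn: Connection) -> Optional[str]:
    """Return a reason string if an outbound connection deviates from the baseline, else None."""
    if not is_outbound(conn):
        return None
    reasons = []
    peer = ipaddress.ip_address(conn.peer_ip)
    if not any(peer in net for net in ALLOWED_NETS):
        reasons.append(f"peer {conn.peer_ip}:{conn.peer_port} outside allowed networks")
    if conn.proc not in EXPECTED_OUTBOUND_PROCS:
        reasons.append(f"process {conn.proc!r} (pid {conn.pid}) not expected to connect out")
    return "; ".join(reasons) if reasons else None


def review(ss_output: str) -> list:
    """Run every parsable line through assess() and collect the flagged connections."""
    findings = []
    for line in ss_output.splitlines():
        conn = parse_ss_line(line)
        if conn is None:
            continue
        reason = assess(conn)
        if reason:
            findings.append((conn.pid, conn.proc, conn.peer_ip, conn.peer_port, reason))
    return findings


if __name__ == "__main__":
    for pid, proc, ip, port, reason in review(SAMPLE_SS_OUTPUT):
        print(f"pid {pid} {proc} -> {ip}:{port}: {reason}")
```

On a real host the input would come from `ss -tnp` run on a schedule, and the baseline would be built from what the server is documented to do rather than hard-coded. The value of the check is in the baseline: a process that is not supposed to open outbound connections doing so to an address outside the expected networks is exactly the traffic that, as the article notes, otherwise blends in as normal.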
Via: ZDNet