Chinese Hackers Carry Out Attacks on Linux
Security researchers at Intezer have discovered a previously unknown backdoor targeting Linux systems. According to the company, the backdoor, named RedXOR, is used by a hacker group backed by the Chinese government.
The traces of the most targeted attacks of recent years lead to Asia, with servers in Shanghai a recurring point of origin. During their investigations, researchers have noted attribution markers such as Chinese IP addresses, timestamps consistent with Chinese working hours, Chinese language settings, and software used mainly in China.
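The timestamp marker mentioned above can be turned into a simple check. The following is an added example (it is not from the Intezer report or from this article): given timestamps recovered from a set of samples or from attacker activity, it shifts them into each candidate UTC offset and scores how well the builds fit a 09:00 to 18:00 working day. The sample timestamps are constructed for illustration and are not real RedXOR or Winnti data; the working-day boundaries are an assumption.

```python
"""Working-hours heuristic for timezone attribution (added example).

Given build or activity timestamps in UTC, score every UTC offset by the
fraction of events that land inside a local working day. The offset(s)
with the best score are the analyst's candidates for the operator's
timezone. The timestamps below are constructed, not taken from real samples.
"""
from collections import Counter
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Tuple

# Constructed sample timestamps (UTC), e.g. compile times or C&C session
# starts recovered from a cluster of samples. Not real RedXOR/Winnti data.
SAMPLE_TIMESTAMPS_UTC = [
    "2020-09-14T01:12:00", "2020-09-14T01:55:00", "2020-09-15T02:30:00",
    "2020-09-16T03:05:00", "2020-09-17T05:58:00", "2020-09-18T06:20:00",
    "2020-09-21T07:40:00", "2020-09-22T09:15:00", "2020-09-23T09:02:00",
    "2020-09-24T02:33:00",
]

# Assumed working day: 09:00 inclusive to 18:00 exclusive, local time.
WORK_START, WORK_END = 9, 18


def parse_utc(ts: str) -> datetime:
    """Parse an ISO-8601 timestamp and mark it as UTC."""
    return datetime.fromisoformat(ts).replace(tzinfo=timezone.utc)


SAMPLES = [parse_utc(s) for s in SAMPLE_TIMESTAMPS_UTC]


def local_hour_histogram(ts_utc: List[datetime], utc_offset_hours: int) -> Counter:
    """Count events per local hour of day for the given UTC offset."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    return Counter(t.astimezone(tz).hour for t in ts_utc)


def working_hours_fraction(ts_utc: List[datetime], utc_offset_hours: int) -> float:
    """Fraction of events that fall inside the assumed working day."""
    hist = local_hour_histogram(ts_utc, utc_offset_hours)
    in_hours = sum(c for h, c in hist.items() if WORK_START <= h < WORK_END)
    return in_hours / max(1, sum(hist.values()))


def weekend_fraction(ts_utc: List[datetime], utc_offset_hours: int) -> float:
    """Fraction of events on Saturday or Sunday in the given offset."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    weekend = sum(1 for t in ts_utc if t.astimezone(tz).weekday() >= 5)
    return weekend / max(1, len(ts_utc))


def best_fitting_offsets(ts_utc: List[datetime],
                         offsets=range(-12, 15)) -> Tuple[List[int], float]:
    """Return all offsets sharing the best working-hours score, and the score.

    Several offsets can tie, so the result is a list rather than a single
    value; a tie is itself a useful signal that the data is too thin.
    """
    scores: Dict[int, float] = {
        off: working_hours_fraction(ts_utc, off) for off in offsets
    }
    best = max(scores.values())
    return sorted(off for off, s in scores.items() if s == best), best


if __name__ == "__main__":
    for off in range(-12, 15):
        print(f"UTC{off:+03d}: in-hours={working_hours_fraction(SAMPLES, off):.2f} "
              f"weekend={weekend_fraction(SAMPLES, off):.2f}")
    print("best fit:", best_fitting_offsets(SAMPLES))
```

On the constructed data the best fit is UTC+8 (China Standard Time), with every event inside working hours and none on a weekend. Treat this as one weak signal among several: compile timestamps can be zeroed or forged, and a single offset covers many countries, so it is corroborating evidence at best, never attribution on its own.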
RedXOR has extensive functionality, including:
* executing specified commands with system privileges
* browsing and manipulating files on infected Linux hosts
* concealing its own activity on the host
* proxying (tunnelling) malicious network traffic
* updating itself remotely
Intezer researchers believe the new malware is a recent addition to the arsenal of the Chinese hacker group Winnti, based on similarities between RedXOR and several other malware families developed by Winnti.
At the time of publication RedXOR's infrastructure was still active, so the backdoor is still being used in attacks.
Winnti is a collective of hacker groups that have official support from the Chinese government or act in its interests.
In 2011, security researchers found the Winnti Trojan on many compromised systems belonging to game companies after Chinese hackers carried out a supply-chain attack in which they compromised an official game update server.
During 2020 the number of new malware families designed for Linux grew significantly, by more than 40% compared with 2019, and state-backed groups are increasingly targeting Linux systems, according to Intezer's report for 2020.
Who are these Chinese hackers?
The Chinese government employs large teams of professional hackers. Some of them are officially military units: they are granted access to state secrets and enjoy the same protection as regular signals personnel. Others operate through commercial firms and carry out attacks directly from their business offices.
Still others are freelance groups, which are replaced frequently. The latter appear to be assigned the dirtiest jobs, after which some are handed over to law enforcement to whitewash the reputation of the ruling party. When something goes wrong, the blame is simply pinned on them and the next group is hired.
The investigation of large-scale targeted attacks can take years, so the details of how they were carried out are not known immediately. As a rule, by the time the details are published, the exploited vulnerabilities have been patched, the malicious components have been added to antivirus databases, and the C&C servers have been blocked. Such reports nevertheless reveal methods that continue to be used in new attacks with only minor changes, which is why the indicators and techniques they describe remain worth hunting for.