2023-12-09
Linux Blamed for Everything (Even Unpatched Systems, Years-Old CVEs)
-
Gray Dot Media Group ☛ New XorDdos-Linked Linux RAT Krasue Targeting Telecom Firms [Ed: They cannot even explain what software carries this onto "Linux"; they just blame "Linux". Microsoft is desperate to "dismantle" the argument "Linux is more secure", even if that means attributing to "Linux" everything that isn't.]
This embedded rootkit can hook key system calls like kill(), network-related functions, and file listing operations to effectively mask its presence and evade detection. Researchers believe that this RAT was created by the same person who developed the XorDdos Linux Trojan or someone who has access to its source code.
-
Bleeping Computer ☛ Krasue RAT malware hides on Linux servers using embedded rootkits [Ed: The issue here is not "Linux" but something that runs on top of it and gets exploited]
It is unclear how the malware is being distributed but it could be delivered after exploiting a vulnerability, following a credential brute force attack, or even downloaded from an untrusted source as a package or binary impersonating a legitimate product.
-
Dark Reading ☛ Krasue RAT Uses Cross-Kernel Linux Rootkit to Attack Telecoms [Ed: It took years to detect this. And they don't know the culprit or still cannot name it, so by default, blame "Linux"]
A stealthy malware is infecting the systems of telecoms and other verticals in Thailand, remaining under the radar for two years after its code first appeared on VirusTotal.
-
Hacker News ☛ New Stealthy 'Krasue' Linux Trojan Targeting Telecom Firms in Thailand [Ed: It infests some servers that run "Linux", but it comes from somewhere else. Like any time proprietary VMware has a truly major hole and then VMware (and media it pays) rushes to blame "Linux"...]
This has raised the possibility that Krasue is either deployed as part of a botnet or sold by initial access brokers to other cybercriminals, such as ransomware affiliates, who are looking to obtain access to a specific target.
-
New Krasue Linux RAT targets telecom companies in Thailand [Ed: They need to specify if that gets installed due to outdated libraries, or perhaps bad passwords, or some proprietary stuff that's not GNU/Linux]
Group-IB researchers discovered a previously undetected Linux remote access trojan called Krasue has been employed in attacks aimed at telecom companies in Thailand.
The Krasue Remote Access Trojan (RAT) has remained undetected since at least 2021 when it was registered on Virustotal. The name “Krasue” comes from the Thai name of a nocturnal native spirit known throughout Southeast Asian folklore.
-
Krasue’s curse: Group-IB discovers new Linux Remote Access Trojan targeting companies in Thailand
Group-IB, a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime, has discovered a new Linux Remote Access Trojan (RAT) that has been leveraged by cybercriminals looking to stealthily maintain access to the networks of targeted companies, which were exclusively based in Thailand. This Trojan, which has been named Krasue by Group-IB’s Threat Intelligence unit as a nod to the Thai name of a nocturnal native spirit known throughout Southeast Asian folklore, has been active since at least 2021, although it remained under the radar for a significant period of time. At this stage, Group-IB researchers can confirm that Krasue was used against telecommunications companies in Thailand, although it has likely been part of attacks against organizations in other verticals.
-
Cyber Security News ☛ SnappyTCP – Reverse Shell for Linux/Unix Systems With C2 Capabilities [Ed: This one at least specifies which very old flaws are being exploited (unpatched systems)]
Cybersecurity researchers at PwC recently discovered a reverse TCP shell for Linux or Unix systems with C2 capabilities while analyzing one of the malware samples of Teal Kurma (a.k.a. Sea Turtle, Marbled Dust, Cosmic Wolf) dubbed ‘SnappyTCP’.