Linux Archives

Mirai Compiled for New Processors Surfaces in the Wild

Unit 42 discovers new samples of Mirai compiled for additional processors, Altera Nios II, OpenRISC, Tensilica Xtensa, and Xilinx MicroBlaze, potentially increasing the DDoS firepower of Mirai.

By Ruchna Nigam
April 8, 2019 at 6:00 AM

Malware Used by “Rocke” Group Evolves to Evade Detection by Cloud Security Products

Palo Alto Networks Unit 42 recently captured and investigated new samples of the Linux coin mining malware used by the Rocke group. The family was suspected to be developed by the Iron cybercrime group and it’s also associated with the Xbash malware we reported on in September of 2018.

By Xingyu Jin and Claud Xiao
January 17, 2019 at 6:00 AM

Xbash Combines Botnet, Ransomware, Coinmining in Worm that Targets Linux and Windows

Unit 42 researchers discover Xbash, a new malware family tied to the Iron Group targeting Linux and Microsoft Servers

By Claud Xiao, Cong Zheng and Xingyu Jin
September 17, 2018 at 5:00 AM

Multi-exploit IoT/Linux Botnets Mirai and Gafgyt Target Apache Struts, SonicWall

Unit 42 has uncovered new variants of the well-known IoT botnets Mirai and Gafgyt.

By Ruchna Nigam
September 9, 2018 at 6:27 PM

Unit 42 Finds New Mirai and Gafgyt IoT/Linux Botnet Campaigns

Unit 42 documents the emergence of three malware campaigns built on publicly available source code for the Mirai and Gafgyt malware families that incorporate multiple known exploits affecting Internet of Things (IoT) device.

By Ruchna Nigam
July 20, 2018 at 5:00 AM

Threat Brief: Meltdown and Spectre Vulnerabilities

Get an overview of the Meltdown and Spectre vulnerabilities including a risk assessment and calls to action.

By Christopher Budd
January 4, 2018 at 1:25 PM

New IoT/Linux Malware Targets DVRs, Forms Botnet

Unit 42 researchers have identified a new variant of the IoT/Linux botnet “Tsunami”, which we are calling “Amnesia”.

By Claud Xiao and Cong Zheng
April 6, 2017 at 1:00 PM

A Look Into Fysbis: Sofacy’s Linux Backdoor

Introduction The Sofacy group, also known as APT28 and Sednit, is a fairly well known cyber espionage group believed to have ties to Russia. Their targets have spanned all across the world, with a focus on government, defense organizations and various Eastern European governments. There have been numerous reports on their activities, to the extent

By Bryan Lee and Rob Downs
February 12, 2016 at 3:00 PM

Palo Alto Networks Addresses Bash Vulnerability Shellshock: Mitigation for CVE-2014-6271

Around 6:00 am PST on September 24, the details of a vulnerability in the widely used Bourne Again Shell (Bash) were disclosed by multiple Linux vendors. The vulnerability, assigned CVE-2014-6271 by Mitre, was originally discovered by Stephane Chazelas, a Unix and Linux network and telecom administrator and IT manager at UK robotics company SeeByte, Ltd.

By Ryan Olson
September 25, 2014 at 7:32 AM

Iptables Backdoor: Even Linux Is At Risk of Intrusion

A backdoor implant is an increasingly common mechanism for maintaining unauthorized access and control over a computer asset. The terms remote administration tool (RAT) and trojan downloader are often used synonymously with such implants. Once installed (i.e. implanted on a system), the modern backdoor typically offers much more than simple (i.e. command line) access to

By Jin Chen
July 16, 2014 at 10:00 AM

Posts tagged with: Linux