| Category | Details |
|---|---|
| Threat Actors | Likely government-backed hackers and cybercriminals |
| Campaign Overview | Linux malware campaign exploiting eBPF technology; targets businesses and users globally; uses eBPF rootkits and public platforms for command-and-control configuration |
| Target Regions (Victims) | Businesses and users in Southeast Asia and globally |
| Methodology | Exploits eBPF technology to hide activity and bypass security measures; deploys rootkits and remote access Trojans; stores malware configurations on public platforms such as GitHub and blogs |
| Product Targeted | Linux operating systems |
| Malware Reference | eBPF-based malware families: Boopkit, BPFDoor, Symbiote; remote access Trojans: Trojan.Siggen28.58279, Trojan:Win32/Siggen.GR!MTB |
| Tools Used | eBPF technology; public platforms (e.g., GitHub, blogs); trojanized rootkits |
| Vulnerabilities Exploited | Over 100 new vulnerabilities in eBPF technology identified in 2024 |
| TTPs | Abuse of eBPF for network manipulation and data exfiltration; hiding malware configurations on public platforms; leveraging rootkits for persistence and stealth |
| Attribution | Government-backed threat actors and cybercriminals |
| Recommendations | Monitor eBPF activity and configurations; employ behavioral detection for rootkits and Trojans; scrutinize network activity to public platforms; patch vulnerabilities in Linux systems |
| Source | Hackread |
Read full article: https://hackread.com/hackers-exploit-linux-ebpf-malware-ongoing-campaign/
The above summary has been generated by an AI language model