| Category | Details |
|---|---|
| Threat Actors | Likely government-backed hackers and cybercriminals |
| Campaign Overview | Linux malware campaign exploiting eBPF technology; targets businesses and users globally; uses eBPF rootkits and public platforms for command-and-control configuration |
| Target Regions (Victims) | Businesses and users in Southeast Asia and globally |
| Methodology | Exploits eBPF technology for hiding activities and bypassing security measures; deploys rootkits and remote access Trojans; stores malware configurations on public platforms such as GitHub and blogs |
| Product Targeted | Linux operating systems |
| Malware Reference | eBPF-based malware families: Boopkit, BPFDoor, Symbiote; remote access Trojans: Trojan.Siggen28.58279, Trojan:Win32/Siggen.GR!MTB |
| Tools Used | eBPF technology; public platforms (e.g., GitHub, blogs); trojanized rootkits |
| Vulnerabilities Exploited | Over 100 new vulnerabilities in eBPF technology identified in 2024 |
| TTPs | Abuse of eBPF for network manipulation and data exfiltration; hiding malware configurations on public platforms; leveraging rootkits for persistence and stealth |
| Attribution | Government-backed threat actors and cybercriminals |
| Recommendations | Monitor eBPF activity and configurations; employ behavioral detection for rootkits and Trojans; scrutinize network activity to public platforms; patch vulnerabilities in Linux systems |
| Source | Hackread |
Read full article: https://hackread.com/hackers-exploit-linux-ebpf-malware-ongoing-campaign/
The above summary has been generated by an AI language model