
Communications of the ACM

ACM TechNews

Linux Security: Chinese State Hackers May Have Compromised 'Holy Grail' Targets Since 2012



Five Chinese threat groups have spent the last eight years attacking Linux servers that "comprise the backbone of the majority of large data centers responsible for some of the most sensitive enterprise network operations," a BlackBerry research and intelligence team found.

Credit: Getty

A BlackBerry research and intelligence team said five Chinese advanced persistent threat groups have long been attacking Linux servers that "comprise the backbone of the majority of large data centers responsible for some of the most sensitive enterprise network operations."

Particularly worrying is evidence of the attackers using a previously undocumented Linux malware toolkit including at least two kernel-level rootkits and three backdoors, actively deployed since March 13, 2012.

Analysis associated this toolkit with one of the largest Linux botnets ever found, with a significant number of organizations likely infected.

Targets include Red Hat Enterprise, CentOS, and Ubuntu Linux environments for purposes of cyberespionage and intellectual property theft, with researchers describing Linux defensive capabilities as immature at best.

Former U.K. Military Intelligence Colonel Philip Ingram said mitigating such exploits entails "treating [the threats] as if they are ... as much a threat as any other operating system."

From Forbes

 

Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA


 
