Verticals Targeted: Telecommunications, Financial, Retail
Regions Targeted: South Korea, Hong Kong, Myanmar, Malaysia, Egypt
Related Families: Symbiote
BPFDoor Campaign Targets Asia and Middle East
Apr 18, 2025 1:50:39 PM / by The Hivemind posted in Threat Bulletin, China, Linux, Backdoor, Red Menshen, BPFDoor
SystemBC Now Targeting Linux
Feb 18, 2025 2:05:57 PM / by The Hivemind posted in Threat Bulletin, Linux, RAT, SystemBC, Evolving Threat
Related Families: RIG, Fallout EK
Executive Summary
SystemBC, a RAT that previously only targeted Windows systems was recently observed targeting Linux.
Evasive Panda Uses SSH Backdoor to Target Network Devices
Feb 10, 2025 1:56:30 PM / by The Hivemind posted in Threat Bulletin, China, Linux, Evasive Panda, Daggerfly, ELF/Sshdinjector.A!tr
Executive Summary
HellDown Ransomware Linux Variant
Nov 25, 2024 1:39:46 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Linux, Emerging Threat, ESXi, HellDown
FASTCash Linux Variant
Nov 4, 2024 1:04:08 PM / by The Hivemind posted in Threat Bulletin, Linux, FastCash, Payment Switch
Verticals Targeted: Financial
Executive Summary
A Linux variant of FASTCash “payment switch” malware was recently discovered. This malware is typically used by North Korea nexus threat actor groups to make unauthorized cash withdrawals from ATMs.
Perfectl Linux Malware
Oct 15, 2024 2:29:59 PM / by The Hivemind posted in Threat Bulletin, Linux, Cryptominer, Perfectl, Monero, Proxyjacking
Executive Summary
Perfectl is a malware family that targets misconfigured Linux servers. In a recent campaign, Perfectl was observed deploying cryptominers and proxyjacking software.
Labyrinth Chollima Using Poisoned Python Packages to Deliver PondRAT
Sep 30, 2024 1:49:09 PM / by The Hivemind posted in Threat Bulletin, North Korea, Linux, MacOS, PondRAT, PoolRAT, Labyrinth Chollima
Related Families: PondRAT, PoolRAT
Verticals Targeted: Software Development
Executive Summary
North Korea nexus threat actor group Labyrinth Chollima was observed using poisoned Python packages to deliver PondRAT, a backdoor that targets MacOS and Linux systems.
Play Ransomware Linux Variant Discovered
Jul 26, 2024 3:02:38 PM / by The Hivemind posted in Threat Bulletin, Ransomware, Linux, Play, ESXi