Linux Support Expands Cyber Spy Group's ArsenalLinux Support Expands Cyber Spy Group's Arsenal
An infamous Chinese cyber-hacking team has extended its SysUpdate malware framework to target Linux systems.
March 1, 2023

A pervasive cyber-espionage group known as Iron Tiger, believed to be out of China, has updated one of its malware frameworks to attack Linux-based systems.
Researchers at Trend Micro recently discovered that Iron Tiger (aka Emissary Panda or APT27) had added new features to its so called SysUpdate malware family, which allows it to infect Linux platforms in addition to Windows. SysUpdate abuses system services, grabs screenshots, browses and terminates processes, retrieves drive information, executes commands, and can find, delete, rename, upload, and download files as well as peruse a victim's file directory.
One other new feature the firm found with the newest version of SysUpdate: command-and-control communications via DNS TXT requests. "While DNS is not supposed to be a communication protocol, the attacker abuses this protocol to send and receive information," the researchers wrote in a blog post about their findings.
Iron Tiger was among a group of five cyber-espionage groups flagged in 2020 by BlackBerry as targeting Linux-based systems.
About the Author(s)
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication Methods
Oct 26, 2023Modern Supply Chain Security: Integrated, Interconnected, and Context-Driven
Nov 06, 2023How to Combat the Latest Cloud Security Threats
Nov 06, 2023Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and Phishing
Nov 01, 2023SecOps & DevSecOps in the Cloud
Nov 06, 2023