China: A report by BlackBerry found that many Linux servers are being attacked by Chinese state-backed threat actors, and have been for roughly ten years. Although only 1.7% of all operating systems across workstations and servers are Linux-based, Linux is commonly used on servers throughout enterprises and on the top 500 supercomputers in the world. Because of the small number of Linux-based systems and the diversity of distributions and configurations, there are fewer security monitoring products and services available for them. At least five different Chinese Advanced Persistent Threats (APTs) have been targeting Linux servers within corporations since 2012. The toolset that researchers discovered on the Linux machines is just as old as the attacks, but because Linux is not at the top of the list for security, the tools are commonly overlooked, allowing the attackers to remain persistent without being detected.