Unveiling WolfsBane: Linux counterpart to Gelsevirine
Essential information
- Published: 22/11/2024 04:49
- Modified: 22/11/2024 09:25
- Tags: 2024-11-22, apt, backdoor, cyberespionage, firewood, gelsevirine, linux, persistence, project wood, rootkit, wolfsbane
- Related entities: 41 observables, 1 intrusion set (apt), 7 malware, 5 others
Description
ESET researchers have discovered previously unknown Linux backdoors attributed to the China-aligned Gelsemium APT group. The main backdoor, named WolfsBane, is the Linux equivalent of Gelsemium's Gelsevirine backdoor for Windows. A second backdoor, FireWood, is connected to the group's Project Wood malware. Both tools are built for cyberespionage: they collect system information and credentials and exfiltrate specific files. The malware relies on sophisticated techniques for persistence, stealth, and command execution. This discovery marks Gelsemium's first known use of Linux malware and points to a shift in APT tactics towards exploiting vulnerabilities in internet-facing Linux systems.