Chinese Hackers Attacking Linux Devices With New SSH Backdoor
Essential information
- Published: 05/02/2025 22:05
- Modified: 05/02/2025 22:18
- Tags: 2025-02-05, c2 server, iot, linux, lunar peek campaign, network appliances, ssh backdoor
- Related entities: 3 observables, 1 intrusion set (apt), 12 techniques (mitre)
Description
Chinese hackers, specifically the DaggerFly espionage group, are targeting Linux devices with a sophisticated SSH backdoor detected as ELF/Sshdinjector.A!tr. The Lunar Peek campaign, active since mid-November 2024, focuses primarily on network appliances and IoT devices. The attack chain begins with a dropper that deploys malicious binaries, including a modified SSH library and trojanized versions of common system utilities. The core backdoor communicates with a remote C2 server, enabling system information gathering, data exfiltration, and arbitrary command execution. The malware uses a custom communication protocol with hardcoded identifiers and performs its various actions through specific command IDs. Users are advised to keep their antivirus definitions up to date to mitigate the threat.