Vietnam vs China: OceanLotus looks for new holes in Linux

Brother

What do security researchers think about the group's new malware?

The Vietnamese hacker group OceanLotus, also known as APT32, has been attacking government, military, and corporate systems in China and other countries for about 10 years. Cybersecurity experts from CrackMe Security analyzed one of the latest malware samples from this group, targeting Linux.

The company's report states that OceanLotus uses various methods to bypass security systems and run malicious code. In particular, it uses library injection, traffic encryption, and other tricks.

It is also noted that hackers began to actively use captured servers and Internet of Things (IoT) devices as proxies to hide their attacks.

The analysis showed that the "Two-Headed Dragon" malware used by the hackers in the campaign in question receives commands from the attackers' C2 server and can execute arbitrary code, steal data, and ensure a stable presence in the system.

Experts believe that the danger from the activities of OceanLotus remains, and urge organizations to strengthen their protection measures to avoid cyber attacks and data loss.
 