Threat actors are using an open-source rootkit called Reptile to target Linux systems in South Korea.

"Unlike other rootkit malware that typically only provide concealment capabilities, Reptile goes a step further by offering a reverse shell, allowing threat actors to easily take control of systems," the AhnLab Security Emergency Response Center (ASEC) said in a report published this week.

"Port knocking is a method where the malware opens a specific port on an infected system and goes on standby. When the threat actor sends a magic packet to the system, the received packet is used as a basis to establish a connection with the C&C server."

A rootkit is a malicious software program that's designed to provide privileged, root-level access to a machine while concealing its presence. At least four different campaigns have leveraged Reptile since 2022.

The first use of the rootkit was recorded by Trend Micro in May 2022 in connection with an intrusion set tracked as Earth Berberoka (aka GamblingPuppet), which has been found to use the malware to hide connections and processes related to a cross-platform Python trojan known as Pupy RAT in attacks aimed at gambling sites in China.

Then in March 2023, Google-owned Mandiant detailed a set of attacks mounted by a suspected China-linked threat actor dubbed UNC3886 that employed zero-day flaws in Fortinet appliances to deploy a number of custom implants as well as Reptile. ExaTrack, that same month, revealed a Chinese hacking group's use of a Linux malware called Mélofée that's based on Reptile.
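The concealment the article describes, hiding processes from the listing that `ps` and similar tools rely on, leaves a gap a defender can measure. The following is an added example, not code from ASEC's report or from Reptile itself, and it assumes nothing about Reptile's internals: it compares the PIDs visible through a directory read of /proc with the PIDs the kernel acknowledges when each one is probed directly, the same idea used by tools such as unhide.

```python
# Added example (not ASEC's or Reptile's code): a rootkit that hides a process
# usually filters readdir() results on /proc, so `ps` never sees the PID, yet a
# direct kill(pid, 0) still succeeds. Comparing the two views exposes the gap.
import os

def listed_ids():
    """PIDs and thread IDs visible through a normal directory listing of /proc."""
    ids = set()
    for name in os.listdir("/proc"):
        if not name.isdigit():
            continue
        ids.add(int(name))
        try:  # thread IDs also answer kill(), so they must not count as hidden
            ids.update(int(t) for t in os.listdir(f"/proc/{name}/task"))
        except OSError:
            pass  # the process exited between the two reads
    return ids

def probed_ids(max_id):
    """IDs the kernel acknowledges when asked directly, bypassing readdir()."""
    found = set()
    for pid in range(1, max_id + 1):
        try:
            os.kill(pid, 0)  # signal 0: existence check only, nothing is sent
            found.add(pid)
        except PermissionError:  # EPERM: the task exists but belongs to another user
            found.add(pid)
        except ProcessLookupError:  # ESRCH: no such task
            continue
    return found

def hidden_ids(listed, probed):
    """Pure comparison, kept separate so it can be checked on constructed sets."""
    return sorted(probed - listed)

def scan(max_id=None):
    """List /proc before and after probing so a short-lived process that appears
    mid-scan is not reported as hidden; only IDs absent from both listings count."""
    if max_id is None:
        with open("/proc/sys/kernel/pid_max") as f:
            max_id = int(f.read())
    before = listed_ids()
    probed = probed_ids(max_id)
    after = listed_ids()
    return hidden_ids(before | after, probed)

if __name__ == "__main__":
    print("hidden task IDs:", scan())
```

A non-empty result is a lead, not proof: mount options such as hidepid on /proc produce the same discrepancy, so confirm with a second view (for example, the kernel module list or network socket inodes) before acting on it.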