Kaspersky, a cyber-security firm, has reportedly revealed that cyber attackers are actively targeting Linux-based servers and workstations. APT (advanced persistent threat) groups are currently targeting Linux systems within organizations.
According to Kaspersky’s statement, several organizations adopt the Linux OS for their critical servers and systems because they consider it safer and less prone to cyber threats, such as mass malware attacks, than the Windows operating system. Kaspersky researchers have found that these attackers are executing targeted attacks against Linux-based devices while developing more tools.
According to the company’s report, nearly 12 APT groups have been found attacking Linux-based systems in targeted attacks. They include Equation, the Lamberts, Sofacy, and Barium, as well as recent campaigns including LightSpy by WellMess and TwoSail Junk.
Because Linux-based systems are so popular among enterprise organizations, they are highly exposed to malware such as rootkits, backdoors, webshells, and custom-made exploits. Researchers have specified that the Russian-speaking cyber espionage group Turla and the Korean-speaking cyber espionage group Lazarus are among these threats. Turla, for instance, has developed a modified Penguin_x64 Linux backdoor, which impacted multiple servers in the United States and Europe in July 2020. Additionally, in June 2020, Lazarus used MATA, a multi-platform framework, for financial and espionage attacks.
Kaspersky’s GReAT (Global Research & Analysis Team) in Russia has stated that the company’s experts had previously identified an increasing focus on enhancing APT toolsets, including Linux-focused tools. Several firms are extensively leveraging the Linux OS to secure their IT, systems, and security departments.
To counteract these security measures, attackers are developing sophisticated tools to penetrate such systems, which creates the need for additional steps to safeguard workstations and servers.