Chinese state-backed hackers APT27, commonly known as Iron Tiger, created SysUpdate, a Linux malware toolset. TiltedTemple, a Chinese cybercrime group, conducts cyber espionage against European targets.
This research reveals that the malware toolkit SysUpdate, which evades protection software and resists reverse engineering, may be more hazardous than ever.
Chinese APT cyberespionage ring publishes malware kit
Bronze Union, Emissary Panda, and Lucky Mouse are Chinese cyber espionage gangs that use SysUpdate and rshell Linux malware.
The new virus strain infects five files instead of three. Trend Micro reports that APT27 uses additional new rootkits.
According to the research, hackers had abandoned SysUpdate in recent years, but it has been rediscovered with new Linux capabilities. Linux, which is on most mobile devices and computers, is seeing a revival in malware.
APT27: Iron Tiger returns
It is part of TiltedTemple, a Chinese cyber espionage ring, one of whose members recently spear-phished Belgian politician Samuel Cogolati.
The lawmaker was purportedly targeted in January 2021 while authoring a resolution warning of “crimes against humanity” against Uyghur Muslims in China. The Centre for Cyber Security Belgium (CCB) boldly declared that the MP was likely infected by a specific Chinese cybercriminal.
Last month, ENISA warned all syndicate members that China permitted its cybercrime gangs to attack the EU.
Belgium warned Chinese authorities to stop Chinese cybercriminals’ destructive cyber activity. The study states that TiltedTemple members APT27, APT30, APT31, and GALLIUM are responsible for these operations.
“These threat actors offer substantial and continuous challenges to the EU,” it reads. These criminals “focused mostly on information theft, notably via acquiring persistent footholds into the network architecture of strategic importance organisations.”
Source – Tech Monitor