Advanced persistent threat groups target Linux-based devices

Kaspersky researchers have identified a trend in which a growing number of threat actors are executing targeted attacks against Linux-based devices while developing more Linux-focused tools.

Many organisations choose Linux for strategically important servers and systems, not least because this operating system is thought to be safer and less prone to cyberthreats than the far more popular Windows operating system.

“The trend of enhancing APT toolsets was identified by our experts many times in the past and Linux-focused tools are no exception. Aiming to secure their systems, IT and security departments are using Linux more often than before. Threat actors are responding to this with the creation of sophisticated tools that are able to penetrate such systems. We advise cybersecurity experts to take this trend into account and implement additional measures to protect their servers and workstations,” said Yury Namestnikov, Head, Kaspersky Global Research and Analysis Team.

Over the past eight years, over a dozen APT actors have been observed using Linux malware or some Linux-based modules. These include infamous threat groups like Barium, Sofacy, the Lamberts and Equation, as well as more recent campaigns like LightSpy by TwoSail Junk and WellMess.

Diversification of the arsenal with Linux tools enables threat actors to conduct operations more effectively and with wider reach.
