"SparklingGoblin APT Hackers Using New Linux Variant of SideWalk Backdoor"

In February 2021, a Linux variant of a backdoor called SideWalk was used to target a Hong Kong university, demonstrating the implant's cross-platform capabilities. The malware was detected in the university's network by ESET researchers, who attributed the backdoor to a nation-state actor known as SparklingGoblin. The unnamed university is said to have been targeted by the group during student protests in May 2020. Over a long period of time, the group repeatedly targeted this organization, successfully compromising multiple key servers, including a print server, an email server, and a server used to manage student schedules and course registrations. SparklingGoblin is a Chinese Advanced Persistent Threat (APT) group with ties to the Winnti umbrella, also known as APT41, Barium, Earth Baku, or Wicked Panda. Since at least 2019, it has been primarily known for its attacks on various entities in East and Southeast Asia, particularly focusing on the academic sector. This article continues to discuss the SparklingGoblin APT group using a new Linux variant of the SideWalk backdoor.

THN reports "SparklingGoblin APT Hackers Using New Linux Variant of SideWalk Backdoor"

Submitted by Anonymous on