"Iron Tiger Hackers Create Linux Version of Their Custom Malware"

The APT27 hacking group, also known as "Iron Tiger," has developed a new Linux version of its SysUpdate custom remote access malware, enabling the Chinese cyber espionage group to target a wider range of enterprise-level services. According to a recent report by Trend Micro, the hackers tested the Linux version for the first time in July 2022. However, many payloads did not begin circulating in the wild until October 2022. The new malware variant is written in C++ using the Asio library, and its features closely resemble Iron Tiger's Windows version of SysUpdate. Last summer, SEKOIA and Trend Micro discovered that APT27 was deploying a new backdoor called "rshell" to target Linux and macOS systems, revealing the threat actor's interest in expanding the scope of its attacks to systems other than Windows. This article continues to discuss findings and observations regarding APT27's latest campaign. 

Bleeping Computer reports "Iron Tiger Hackers Create Linux Version of Their Custom Malware"
