Collaborative attack between Chinese APT Actors on Linux

August 26, 2020

Cybersecurity researchers have recently uncovered a collaborative campaign targeting the Linux operating system. Distributions such as Red Hat Enterprise Linux, CentOS, and Debian are reported to be the focus of the attack. According to the evidence gathered, the campaign was carried out by five different Advanced Persistent Threat (APT) groups sharing a Linux spyware toolkit, which has been repurposed and refined through their combined effort to make it more dangerous. The toolkit bundles several components, including the Linux XOR DDoS botnet and two types of backdoor, which makes it all the more harmful to its targets.

In-depth analysis confirmed that these five threat actor groups are linked to one another, as their modus operandi bears the hallmarks of the infamous Winnti group. This supports the suspicion that the attack was conducted by several highly trained hacking groups that were recruited to work simultaneously for a single entity and cause.

After years of tracing its origin, researchers were able to pin down that the Winnti group operates from China. Although there has been speculation that they are government-backed adversaries, this has not been verified. The group is nevertheless infamous in the cyber community for a long and successful history of cyber-espionage across the globe, targeting important businesses and high-profile individuals. From its humble beginnings infecting the devices of online gaming users and stealing game source code in order to steal in-game purchases, the group escalated its attacks to the game servers themselves, where it was able to create a false environment and reach a far broader range of users. Its signature tactic of stealing Verisign certificates, which brought chaos to many industries and sowed suspicion among them, is only one part of its playbook. The group's main goal has been to exfiltrate classified information and, in all likelihood, sell it on the black market for a considerable sum.


Given the history and role of the Linux operating system, gaining control of this vital technology is a trophy for every threat actor, these Chinese APT actors included.


Linux is present in nearly every network infrastructure, from well-known businesses to government organizations and other important institutions. It mostly runs the databases and servers that are an essential part of any network, so gaining access to it can hand these perpetrators every piece of information they need to bring down their target.

Fortunately, this malicious activity has now been exposed, which gives the targeted organizations insight and awareness. Early planning and mitigation can be put in place to prevent the intrusion and data breach before they lead to more destructive outcomes.
