BleepingComputer reports that government agencies involved in telecommunications, technology, and foreign affairs around the world, particularly in Central Asia, Southeast Asia, and the Balkans, were targeted by the Chinese cyberespionage group Earth Lusca in attacks deploying the novel Linux backdoor SprySOCKS during the first six months of 2023.
Various n-day unauthenticated remote code execution vulnerabilities from 2019 to 2022 have been leveraged by Earth Lusca to facilitate the distribution of Cobalt Strike beacons for remote network access and the delivery of the SprySOCKS loader, according to a Trend Micro report.
The loader masquerades as a Linux kernel worker thread to evade detection and then decrypts SprySOCKS, which uses the HP-Socket networking framework and AES-ECB-encrypted communications with its command-and-control server.
Aside from gathering system data and launching an interactive shell that uses the PTY subsystem, SprySOCKS also enables network connection listing, SOCKS proxy configuration management, and typical file operations, said researchers, who urged immediate remediation of the exploited vulnerabilities to avoid compromise.
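As an added illustration of the detection angle (not code from the Trend Micro report or from BleepingComputer): a defender-side check for a user-space process that names itself like a kernel worker thread. It assumes a Linux /proc layout; the sample process records and the imposter's path are constructed.

```python
import os
import re
from dataclasses import dataclass

KTHREADD_PID = 2  # kthreadd, the parent of every genuine kernel worker thread
KERNEL_LIKE = re.compile(r"^(kworker|ksoftirqd|kthreadd|migration|rcu_|kswapd|kcompactd)")

@dataclass
class ProcInfo:
    pid: int
    ppid: int
    comm: str     # /proc/<pid>/comm (ps adds the [] brackets; imposters sometimes hard-code them)
    cmdline: str  # /proc/<pid>/cmdline, NULs replaced by spaces; empty for real kernel threads
    exe: str      # target of /proc/<pid>/exe; empty when unreadable (always so for kernel threads)

def is_masquerading(p: ProcInfo) -> bool:
    """Named like a kernel thread but showing a userland trait: wrong parent, an argv or an exe."""
    if p.pid == KTHREADD_PID or not KERNEL_LIKE.match(p.comm.strip("[]")):
        return False
    return p.ppid != KTHREADD_PID or p.cmdline.strip() != "" or p.exe != ""

def find_masqueraders(procs: list) -> list:
    return [p for p in procs if is_masquerading(p)]

def read_proc(pid: int) -> ProcInfo:
    """Read one /proc entry (Linux only; run as root so /proc/<pid>/exe of other users resolves)."""
    base = f"/proc/{pid}"
    with open(f"{base}/comm") as f:
        comm = f.read().strip()
    with open(f"{base}/cmdline", "rb") as f:
        cmdline = f.read().replace(b"\0", b" ").decode(errors="replace")
    with open(f"{base}/status") as f:
        ppid = next((int(line.split()[1]) for line in f if line.startswith("PPid:")), 0)
    try:
        exe = os.readlink(f"{base}/exe")
    except OSError:  # ENOENT for kernel threads, EACCES without privilege
        exe = ""
    return ProcInfo(pid, ppid, comm, cmdline, exe)

# Constructed sample: kthreadd, a genuine kworker, and an imposter backed by a file on disk
SAMPLE = [ProcInfo(2, 0, "kthreadd", "", ""), ProcInfo(17, 2, "kworker/0:1", "", ""),
          ProcInfo(4242, 1, "kworker/1:2", "[kworker/1:2]", "/tmp/.cache/loader")]

if __name__ == "__main__":
    procs = list(SAMPLE)  # the constructed records, plus the live process table on Linux
    for name in filter(str.isdigit, os.listdir("/proc")) if os.path.isdir("/proc") else []:
        try:
            procs.append(read_proc(int(name)))
        except OSError:
            pass  # process exited during the scan
    for p in find_masqueraders(procs):
        print(f"suspicious pid={p.pid} ppid={p.ppid} comm={p.comm!r} exe={p.exe!r}")
```

A hit on a live host is a lead for triage (compare the exe hash and the process's open sockets), not proof of compromise on its own.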
Ukraine has been targeted by Russian threat actors in the new Operation Texonto disinformation campaign, which also involved spear-phishing and credential exfiltration tactics, according to The Hacker News.
Record high ransomware and data extortion incidents experienced by Western nations last year have prompted former National Security Agency Director Michael Rogers to call for a reevaluation of their cybersecurity defense strategy.