A new Turla sample has surfaced in the wild, and this time, it's targeting the Linux operating system.
Also known as "Penquin" Turla, the sample adds Linux support to give the group broader system coverage at victim sites, according to Kaspersky Lab researchers. The APT group's major operation, 'Epic Turla', was initially detailed in August, when it used zero-day exploits to infect hundreds of systems in more than 45 countries.
The Linux malware is a stealth backdoor based on cd00r sources, the researchers said.
“This Turla cd00r-based malware maintains stealth without requiring elevated privileges while running arbitrary remote commands,” they wrote. “It can't be discovered via netstat, a commonly used administrative tool. It uses techniques that don't require root access, which allows it to be more freely run on more victim hosts.”
After the researchers' post was published, an additional Linux Turla module was discovered.