Full report by researchers (Kaspersky): An overview of targeted attacks and APTs on LinuxAPT groups are increasingly executing targeted attacks against Linux-based devices as well as developing more Linux-focused tools, according to an investigation by Kaspersky.
This is as a result of a growing number of organizations’ selecting Linux ahead of Windows to run their strategically important servers and systems, and the perception that the Linux operating system is safer and less likely to be targeted by malware as it is less popular.
However, threat-actors have been observed to adapt their tactics to take advantage of this trend, and Kaspersky noted that “over a dozen APT actors have been observed to use Linux malware or some Linux-based modules” during the past eight years.
These include notorious groups such as Turla, Lazarus, Barium, Sofacy, the Lamberts and Equation. Kaspersky highlighted the example of Russian speaking APT group Turla using Linux backdoors as part of its changing toolset in recent years.
The cybersecurity company added that while targeted Linux-based systems are still uncommon, there is still malware designed to target them, including webshells, backdoors, rootkits and even custom-made exploits.