Iron Tiger APT Group Updates SysUpdate Malware to Target Linux Platforms
Attack Report
Summary
The Iron Tiger group, also known as APT27, has updated its custom malware, SysUpdate, to target Linux platforms and evade security solutions. The group specifically targeted a vulnerability in a Wazuh-signed executable, using a complex loading process and a new C&C communication channel that runs over DNS TXT requests.
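
A defender-side heuristic for spotting C&C traffic carried in DNS TXT requests, as an added example that is not taken from the advisory or from any analysis of SysUpdate. The log format, thresholds, addresses and domains are constructed assumptions; the check is a generic one for TXT-based channels (many TXT lookups from one host to one domain, with unique, high-entropy subdomains) and does not describe SysUpdate's actual query layout.

```python
import math
from collections import defaultdict

# Constructed sample resolver log: "<timestamp> <client> <qtype> <qname>".
SAMPLE_LOG = """\
2023-03-01T10:00:01Z 10.0.0.5 A www.example.com
2023-03-01T10:00:02Z 10.0.0.5 TXT example.com
2023-03-01T10:05:02Z 10.0.0.5 TXT example.com
2023-03-01T10:10:02Z 10.0.0.5 TXT example.com
2023-03-01T10:15:02Z 10.0.0.5 TXT example.com
2023-03-01T10:00:09Z 10.0.0.7 TXT _dmarc.example.org
2023-03-01T10:01:00Z 10.0.0.23 TXT k3j9x2mq7vpl0zt8.example.net
2023-03-01T10:02:00Z 10.0.0.23 TXT a8f1c6d0e3b97254.example.net
2023-03-01T10:03:00Z 10.0.0.23 TXT q7w2e9r4t1y6u3i8.example.net
2023-03-01T10:04:00Z 10.0.0.23 TXT z1x5c9v3b7n2m6l0.example.net
2023-03-01T10:05:00Z 10.0.0.23 TXT p4o8i2u6y0t3r7e1.example.net
"""

def entropy(s):
    """Shannon entropy of a string, in bits per character."""
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))

def registered_domain(qname):
    # Assumption: last two labels. Production code should use the Public Suffix List.
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])

def find_txt_beacons(log, min_queries=4, min_unique_ratio=0.8, min_entropy=3.0):
    """Return (client, domain, txt_query_count) for suspicious client/domain pairs."""
    groups = defaultdict(list)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2].upper() != "TXT":
            continue  # skip malformed lines and non-TXT queries
        client, qname = parts[1], parts[3].rstrip(".").lower()
        domain = registered_domain(qname)
        groups[(client, domain)].append(qname[: -len(domain)].rstrip("."))
    findings = []
    for (client, domain), subs in sorted(groups.items()):
        labelled = [s for s in subs if s]  # queries that carry a subdomain part
        if len(subs) < min_queries or not labelled:
            continue  # too few lookups, or only bare-domain lookups (e.g. SPF)
        unique_ratio = len(set(subs)) / len(subs)
        mean_entropy = sum(entropy(s) for s in labelled) / len(labelled)
        if unique_ratio >= min_unique_ratio and mean_entropy >= min_entropy:
            findings.append((client, domain, len(subs)))
    return findings

if __name__ == "__main__":
    for hit in find_txt_beacons(SAMPLE_LOG):
        print("suspicious TXT pattern:", hit)
```

Repeated SPF or DMARC lookups stay below the thresholds because the queried name does not change; tune the thresholds against a baseline of your own resolver logs before alerting on them.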