SparklingGoblin Revamps SideWalk Backdoor for Linux Variant

Threat Level
Attack Report

Summary

SparklingGoblin (aka Earth Baku), a state-backed Chinese hacking group, has integrated a Linux variant of the SideWalk backdoor. SparklingGoblin typically targets East and Southeast Asian countries, with a special emphasis on the educational sector, and employs Motnug and ChaCha20-based loaders, the CROSSWALK and SideWalk backdoors, as well as Korplug (aka PlugX) and Cobalt Strike.