Infosecurity-magazine.com

New Syslogk Linux Kernel Rootkit Uses "Magic Packets" to Trigger Remote Backdoor Access

A new Linux kernel rootkit dubbed ‘syslogk’ has been spotted in the wild by Avast cybersecurity researchers. According to an advisory by David Álvarez and Jan Neduchal, syslogk would be able to cloak ...
The Hacker News

Mustang Panda Uses Signed Kernel-Mode Rootkit to Load TONESHELL Backdoor

Mustang Panda deployed TONESHELL via a signed kernel-mode rootkit, targeting Asian government networks and evading security ...

Chinese state hackers use rootkit to hide ToneShell malware activity

A new sample of the ToneShell backdoor, typically seen in Chinese cyberespionage campaigns, has been delivered through a kernel-mode loader in attacks against government organizations.
SecurityWeek

Chinese APT Mustang Panda Caught Using Kernel-Mode Rootkit

The China-linked Mustang Panda APT has been using a kernel-mode rootkit in attacks leading to ToneShell backdoor deployments.
Dark Reading

Krasue RAT Uses Cross-Kernel Linux Rootkit to Attack Telecoms

Attackers likely tied the creators of the XorDdos Linux remote access Trojan (RAT) have been wielding a separate Linux RAT for nearly two years without detection, using it to target organizations in ...