Chinese hackers have unleashed a never-before-seen Linux backdoor::SprySOCKS borrows from open source Windows malware and adds new tricks.
SprySOCKS Capabilities:
ID NOTES 0x09 Gets machine information 0x0a Starts interactive shell 0x0b Writes data to interactive shell 0x0d Stops interactive shell 0x0e Lists network connections (parameters: “ip”, “port”, “commName”, “connectType”) 0x0f Sends packet (parameter: “target”) 0x14, 0x19 Sends initialization packet 0x16 Generates and sets clientid 0x17 Lists network connections (parameters: “tcp_port”, “udp_port”, “http_port”, “listen_type”, “listen_port”) 0x23 Creates SOCKS proxy 0x24 Terminates SOCKS proxy 0x25 Forwards SOCKS proxy data 0x2a Uploads file (parameters: “transfer_id”, “size”)
epyon22@sh.itjust.works 1 year ago
CVE-2022-40684 An authentication bypass vulnerability in Fortinet FortiOS, FortiProxy and FortiSwitchManager
CVE-2022-39952 An unauthenticated remote code execution (RCE) vulnerability in Fortinet FortiNAC
CVE-2021-22205 An unauthenticated RCE vulnerability in GitLab CE/EE
CVE-2019-18935 An unauthenticated remote code execution vulnerability in Progress Telerik UI for ASP.NET AJAX
CVE-2019-9670 / CVE-2019-9621 A bundle of two vulnerabilities for unauthenticated RCE in Zimbra Collaboration Suite
ProxyShell (CVE-2021-34473, CVE-2021-34523v, CVE-2021-31207) A set of three chained vulnerabilities that perform unauthenticated RCE in Microsoft Exchange
RaivoKulli@sopuli.xyz 1 year ago
Thanks. I read the article but (from my reading) they left out the most important part out: how it spreads and infects a machine. Sometimes they make a huge deal about a Linux backdoor and then it’s revealed right at the end (if at all) that it requires local access. Wah whaa. Now I have to scan every article to see what the actual method is.
Kecessa@sh.itjust.works 1 year ago
That just means your need your man on the inside and considering we just had a situation where a Chinese asset was employed for the local power corporation, I don’t think it’s that much of an issue…
Bitrot@lemmy.sdf.org 1 year ago
They’re doing some CYA, but still: “including (but not limited to)”.