Krasue, a remote access trojan, is targeting Linux systems within telecoms firms, especially in Thailand. The malware incorporates seven rootkit variants, which make the malware hard to detect and eliminate. Investigators believe that it could be sold to threat actors seeking particular targets. Although disseminated through unknown means, researchers suggest it could be shared through botnets, brute force attacks, or posing as a legitimate product.
GuidePoint warns of Python backdoor used in ransomware
GuidePoint Security identified a threat actor using a Python-based backdoor to persistently access breached endpoints and release RansomHub encryptors across compromised networks. The backdoor was