Reverse Shell for Linux/Unix Systems

Hackers exploit reverse TCP shells on Linux or Unix systems to gain unauthorized remote access.
Cybersecurity researchers at PwC recently discovered a reverse TCP shell for Linux or Unix systems with C2 capabilities while analyzing a Teal Kurma malware family dubbed 'SnappyTCP'.
Teal Kurma was first tracked three years ago, and it primarily focuses on targets throughout:
Since 2017, Teal Kurma has been exploiting vulnerabilities, especially CVEs like:
The webshell is a Linux/Unix reverse TCP shell with basic C2 capabilities and persistence functions.
The PHP version has been in use since July 2021 and is linked to a 2022 Greek CERT alert, suggesting sustained use.
Infrastructure from 2023 has been linked to SnappyTCP via indicators from the CERT alert.
In other cases the malware uses OpenSSL and TLS certificates to secure the link, connects to an IP address read from the conf file, and then sends:
As in past instances, it spawns a pthread that calls bash to execute a different file, 'update', rather than 'kdd launch':
GLIBC is statically linked, enabling self-contained operation without linking to the target machine's library files.
Besides this, the execution methods vary, resulting in either a shared object file or an executable.
The ELF files lack compile dates, which makes it harder to link variations in toolchain usage to the malware's evolution.
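As an added illustration (not PwC's tooling and not the malware's code), the triage below reads only the ELF64 headers to separate the traits the write-up mentions: a statically linked executable requests no program interpreter (no PT_INTERP), while a shared object is an ET_DYN file without one. The build_sample helper is an assumption of this example: it fabricates a header-only image so the check runs offline.

```python
import struct

# ELF64 constants used below (values from the ELF specification)
ET_EXEC, ET_DYN = 2, 3
PT_DYNAMIC, PT_INTERP = 2, 3

def parse_elf64(data: bytes) -> dict:
    """Read e_type and the set of program-header types from an ELF64 image."""
    if data[:4] != b"\x7fELF" or data[4] != 2:        # EI_CLASS == 2 -> 64-bit
        raise ValueError("not an ELF64 image")
    end = "<" if data[5] == 1 else ">"                 # EI_DATA: 1 = little-endian
    (e_type, _machine, _ver, _entry, e_phoff, _shoff, _flags,
     _ehsize, e_phentsize, e_phnum) = struct.unpack_from(end + "HHIQQQIHHH", data, 16)
    ptypes = set()
    for i in range(e_phnum):
        (p_type,) = struct.unpack_from(end + "I", data, e_phoff + i * e_phentsize)
        ptypes.add(p_type)
    return {"e_type": e_type, "phdr_types": ptypes}

def classify(data: bytes) -> str:
    """Label the linking model from the headers alone.

    No PT_INTERP means no dynamic loader is requested, i.e. the file carries
    its own libc (the statically linked GLIBC trait); an ET_DYN file without
    PT_INTERP is the shared-object case (or a static PIE).
    """
    info = parse_elf64(data)
    has_interp = PT_INTERP in info["phdr_types"]
    if info["e_type"] == ET_EXEC:
        return "dynamic executable" if has_interp else "static executable"
    if info["e_type"] == ET_DYN:
        return "PIE executable" if has_interp else "shared object or static PIE"
    return "other"

def build_sample(e_type: int, phdr_types: list) -> bytes:
    """Constructed ELF64 header plus empty program headers (not runnable code)."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)   # 64-bit, LE, version 1
    hdr = ident + struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0,
                              64, 56, len(phdr_types), 64, 0, 0)
    phdrs = b"".join(struct.pack("<IIQQQQQQ", t, 0, 0, 0, 0, 0, 0, 0)
                     for t in phdr_types)
    return hdr + phdrs

if __name__ == "__main__":
    print(classify(build_sample(ET_EXEC, [1])))                # static executable
    print(classify(build_sample(ET_DYN, [1, PT_DYNAMIC])))     # shared object or static PIE
```

On a real sample, pass `open(path, "rb").read()` to `classify`; the result is a triage hint only, since packers and hand-crafted headers can misreport.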
The GitHub repository reveals that Teal Kurma's reverse TCP shell mirrors public code, with 'update' replacing 'connector'. Other samples in the repository establish reverse shells and are possibly tied to Teal Kurma's activity.
Analysts pivoted on the SnappyTCP GET requests seen in the analyzed samples and used prior Sea Turtle reporting to hunt for Teal Kurma infrastructure.
They explored the infrastructure from the CERT alert and found active links:
They uncovered TLS certificates tied to the media and NGO sectors in the Middle East, where the reverse shell is used for espionage.
The threat actors aim for surveillance or traditional intelligence collection, with the NGO and media sectors also targeted.
The TLS certificates indicate a focus on the Middle East and North Africa, while SnappyTCP is also likely present in European countries.
These targeting details aid attribution and provide insights for organizations in similar regions or sectors.


This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 07 Dec 2023 14:20:10 +0000

