Daniel Lunghi
My latest #APT research on #IronTiger (#APT27/#EmissaryPanda/#LuckyMouse) is out ! It includes analysis of a new version of SysUpdate ported to Linux, a new communication protocol through DNS TXT requests, a VMProtect certificate compromise, and probable infection vector https://trendmicro.com/en_us/research/23/c/iron-tiger-sysupdate-adds-linux-targeting.html
Iron Tiger’s SysUpdate Reappears, Adds Linux Targeting

We detail the update that advanced persistent threat (APT) group Iron Tiger made on the custom malware family SysUpdate. In this version, we also found components that enable the malware to compromise Linux systems.

Trend Micro
Mar 1, 2023 at 9:35amWeb