Chinese hackers use DNS-over-HTTPS for Linux malware communication

The Chinese threat group ChamelGang infects Linux computers with the ChamelDoH implant, which enables DNS-over-HTTPS contact with the attackers servers.A new Linux implant created in C++ that increases the threat actors toolkit for penetration and, consequently, the attackers indicators of compromise is described in a study released yesterday by Stairwell and shared with BleepingComputer.

Positive Technologies originally identified the specific threat actor in September 2021, but the researchers only paid attention to the Windows toolkit at the time. The connection between ChamelGang and the new Linux malware is made possible by a domain that had previously been linked to the threat actor and a unique privilege elevation mechanism that Positive Technologies had noticed in prior ChamelGang attacks.

Chinese hackers use DNS-over-HTTPS for Linux malware communication

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

Chinese hackers use DNS-over-HTTPS for Linux malware communication

14-Jun-23

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address