A Russia-based espionage group has been targeting Linux computers with a simple Trojan that requires no root privileges, which means the attackers can install the malware from any account they manage to compromise.
Pawn Storm, a cyberespionage group that has been active for roughly eight years, is known for attacks on government, security and military organizations in North Atlantic Treaty Organization countries.
The group uses a very simple Trojan to infect Linux systems, not only at those NATO organizations but also at defense companies and media outlets. Its operators also appear to be targeting political activists in Ukraine and critics of the Russian government.
Despite the Trojan's simplicity, the attacks are remarkably effective. The group uses zero-day exploits and spear-phishing campaigns to deliver malicious attachments and links. It also targets other operating systems: Windows through a backdoor program, and Mac OS X through other malware tools.
The main tool used by these hackers is called Fysbis, a Trojan with a modular architecture that can be extended with plug-ins to add new capabilities. Palo Alto Networks, which discovered the Trojan, reported that the malware can install itself on a target computer without root privileges, which attackers normally need to gain privileged access to a protected system.
The goal is to steal data from infected systems for espionage and other malicious ends, so the malware does not need to take control of the entire system, only to access and exfiltrate sensitive data. The hackers also spy on victims' browsing history and other activity on the compromised computer.
The Fysbis attack demonstrates one glaring fact about the threat landscape: attackers do not need sophisticated tooling to achieve their goals. It also highlights a weakness of Linux, which is often perceived as the most secure of all operating systems.
It is also hard for organizations to detect vulnerabilities in their Linux systems, because enterprises tend to invest in the protection, maintenance and security of their Windows systems instead. This growing neglect of Linux is what drives attackers to focus on that infrastructure, which remains in wide use.
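Because a Trojan that installs without root can only write to locations the compromised account owns, a defender can audit exactly those per-user persistence points. The following audit script is an added example for this article, not code from Palo Alto Networks or from the Fysbis report; the list of locations it checks (shell rc files, XDG autostart entries, systemd user units) and its "suspicious command" heuristic are assumptions chosen for illustration, and the sample home directory it builds is constructed for the demo.

```python
"""Audit per-user persistence locations on a Linux account (added example).

Assumed list of places an unprivileged process can use to survive a reboot
or re-login; the article itself names no specific locations.
"""
import tempfile
from dataclasses import dataclass
from pathlib import Path
from typing import List

# Shell startup files an attacker with only user rights can append to (assumed list).
SHELL_RC = (".bashrc", ".bash_profile", ".profile", ".zshrc")
# World-writable staging directories commonly abused for droppers (assumed list).
SUSPECT_DIRS = ("/tmp/", "/dev/shm/", "/var/tmp/")


@dataclass
class Finding:
    kind: str    # which persistence mechanism
    path: str    # file that carries the entry
    detail: str  # the offending line


def _suspicious_command(cmd: str, home: Path) -> bool:
    """Heuristic: command runs from a temp dir or from a hidden directory in HOME."""
    cmd = cmd.strip()
    if cmd.startswith(SUSPECT_DIRS):
        return True
    return cmd.startswith(str(home) + "/.") or cmd.startswith("~/.")


def _key_lines(path: Path, key: str):
    """Yield the values of `key=` lines from an INI-style file."""
    for line in path.read_text(errors="replace").splitlines():
        if line.startswith(key + "="):
            yield line


def scan_user_persistence(home: Path) -> List[Finding]:
    """Return suspicious entries found in the user-level persistence points."""
    findings: List[Finding] = []

    # 1. XDG desktop autostart: every *.desktop here runs at graphical login.
    autostart = home / ".config" / "autostart"
    if autostart.is_dir():
        for desktop in autostart.glob("*.desktop"):
            for line in _key_lines(desktop, "Exec"):
                if _suspicious_command(line[len("Exec="):], home):
                    findings.append(Finding("autostart", str(desktop), line))

    # 2. systemd --user units: started by the user's own systemd instance.
    units = home / ".config" / "systemd" / "user"
    if units.is_dir():
        for unit in units.glob("*.service"):
            for line in _key_lines(unit, "ExecStart"):
                if _suspicious_command(line[len("ExecStart="):], home):
                    findings.append(Finding("systemd_user", str(unit), line))

    # 3. Shell rc files: flag backgrounded or temp-dir launches.
    for name in SHELL_RC:
        rc = home / name
        if not rc.is_file():
            continue
        for line in rc.read_text(errors="replace").splitlines():
            s = line.strip()
            if not s or s.startswith("#"):
                continue
            if s.startswith("nohup ") or _suspicious_command(s, home):
                findings.append(Finding("shell_rc", str(rc), s))
    return findings


def build_demo_home() -> Path:
    """Create a constructed home directory with one planted entry per mechanism."""
    home = Path(tempfile.mkdtemp(prefix="demo_home_"))
    (home / ".config" / "autostart").mkdir(parents=True)
    (home / ".config" / "systemd" / "user").mkdir(parents=True)
    (home / ".config" / "autostart" / "updater.desktop").write_text(
        f"[Desktop Entry]\nType=Application\nName=Updater\nExec={home}/.cache/.updater\n")
    (home / ".config" / "systemd" / "user" / "sync.service").write_text(
        "[Service]\nExecStart=/tmp/.x/agent --daemon\n[Install]\nWantedBy=default.target\n")
    (home / ".bashrc").write_text(
        "export PATH=$PATH:$HOME/bin\n"          # benign, not flagged
        "nohup ~/.local/.a >/dev/null 2>&1 &\n")  # planted, flagged
    return home


if __name__ == "__main__":
    for f in scan_user_persistence(build_demo_home()):
        print(f"{f.kind:13} {f.path}\n    {f.detail}")
```

Run against a real account with `scan_user_persistence(Path.home())`; the heuristic is deliberately narrow, so treat hits as leads to inspect rather than verdicts, and extend the location list to match your distribution.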