Thu Nov 21 23:48:48 2024
EVENTS
 FREE
SOFTWARE
INSTITUTE

POLITICS
JOBS
MEMBERS'
CORNER

MAILING
LIST

NYLXS Mailing Lists and Archives
NYLXS Members have a lot to say and share but we don't keep many secrets. Join the Hangout Mailing List and say your peice.

DATE 2024-08-01

HANGOUT

2024-11-21 | 2024-10-21 | 2024-09-21 | 2024-08-21 | 2024-07-21 | 2024-06-21 | 2024-05-21 | 2024-04-21 | 2024-03-21 | 2024-02-21 | 2024-01-21 | 2023-12-21 | 2023-11-21 | 2023-10-21 | 2023-09-21 | 2023-08-21 | 2023-07-21 | 2023-06-21 | 2023-05-21 | 2023-04-21 | 2023-03-21 | 2023-02-21 | 2023-01-21 | 2022-12-21 | 2022-11-21 | 2022-10-21 | 2022-09-21 | 2022-08-21 | 2022-07-21 | 2022-06-21 | 2022-05-21 | 2022-04-21 | 2022-03-21 | 2022-02-21 | 2022-01-21 | 2021-12-21 | 2021-11-21 | 2021-10-21 | 2021-09-21 | 2021-08-21 | 2021-07-21 | 2021-06-21 | 2021-05-21 | 2021-04-21 | 2021-03-21 | 2021-02-21 | 2021-01-21 | 2020-12-21 | 2020-11-21 | 2020-10-21 | 2020-09-21 | 2020-08-21 | 2020-07-21 | 2020-06-21 | 2020-05-21 | 2020-04-21 | 2020-03-21 | 2020-02-21 | 2020-01-21 | 2019-12-21 | 2019-11-21 | 2019-10-21 | 2019-09-21 | 2019-08-21 | 2019-07-21 | 2019-06-21 | 2019-05-21 | 2019-04-21 | 2019-03-21 | 2019-02-21 | 2019-01-21 | 2018-12-21 | 2018-11-21 | 2018-10-21 | 2018-09-21 | 2018-08-21 | 2018-07-21 | 2018-06-21 | 2018-05-21 | 2018-04-21 | 2018-03-21 | 2018-02-21 | 2018-01-21 | 2017-12-21 | 2017-11-21 | 2017-10-21 | 2017-09-21 | 2017-08-21 | 2017-07-21 | 2017-06-21 | 2017-05-21 | 2017-04-21 | 2017-03-21 | 2017-02-21 | 2017-01-21 | 2016-12-21 | 2016-11-21 | 2016-10-21 | 2016-09-21 | 2016-08-21 | 2016-07-21 | 2016-06-21 | 2016-05-21 | 2016-04-21 | 2016-03-21 | 2016-02-21 | 2016-01-21 | 2015-12-21 | 2015-11-21 | 2015-10-21 | 2015-09-21 | 2015-08-21 | 2015-07-21 | 2015-06-21 | 2015-05-21 | 2015-04-21 | 2015-03-21 | 2015-02-21 | 2015-01-21 | 2014-12-21 | 2014-11-21 | 2014-10-21 | 2014-09-21 | 2014-08-21 | 2014-07-21 | 2014-06-21 | 2014-05-21 | 2014-04-21 | 2014-03-21 | 2014-02-21 | 2014-01-21 | 2013-12-21 | 2013-11-21 | 2013-10-21 | 2013-09-21 | 2013-08-21 | 2013-07-21 | 2013-06-21 | 2013-05-21 | 2013-04-21 | 2013-03-21 | 2013-02-21 | 2013-01-21 | 2012-12-21 | 2012-11-21 | 2012-10-21 | 2012-09-21 | 2012-08-21 | 2012-07-21 | 2012-06-21 | 2012-05-21 | 2012-04-21 | 2012-03-21 | 2012-02-21 | 2012-01-21 | 2011-12-21 | 2011-11-21 | 2011-10-21 | 2011-09-21 | 2011-08-21 | 2011-07-21 | 2011-06-21 | 2011-05-21 | 2011-04-21 | 2011-03-21 | 2011-02-21 | 2011-01-21 | 2010-12-21 | 2010-11-21 | 2010-10-21 | 2010-09-21 | 2010-08-21 | 2010-07-21 | 2010-06-21 | 2010-05-21 | 2010-04-21 | 2010-03-21 | 2010-02-21 | 2010-01-21 | 2009-12-21 | 2009-11-21 | 2009-10-21 | 2009-09-21 | 2009-08-21 | 2009-07-21 | 2009-06-21 | 2009-05-21 | 2009-04-21 | 2009-03-21 | 2009-02-21 | 2009-01-21 | 2008-12-21 | 2008-11-21 | 2008-10-21 | 2008-09-21 | 2008-08-21 | 2008-07-21 | 2008-06-21 | 2008-05-21 | 2008-04-21 | 2008-03-21 | 2008-02-21 | 2008-01-21 | 2007-12-21 | 2007-11-21 | 2007-10-21 | 2007-09-21 | 2007-08-21 | 2007-07-21 | 2007-06-21 | 2007-05-21 | 2007-04-21 | 2007-03-21 | 2007-02-21 | 2007-01-21 | 2006-12-21 | 2006-11-21 | 2006-10-21 | 2006-09-21 | 2006-08-21 | 2006-07-21 | 2006-06-21 | 2006-05-21 | 2006-04-21 | 2006-03-21 | 2006-02-21 | 2006-01-21 | 2005-12-21 | 2005-11-21 | 2005-10-21 | 2005-09-21 | 2005-08-21 | 2005-07-21 | 2005-06-21 | 2005-05-21 | 2005-04-21 | 2005-03-21 | 2005-02-21 | 2005-01-21 | 2004-12-21 | 2004-11-21 | 2004-10-21 | 2004-09-21 | 2004-08-21 | 2004-07-21 | 2004-06-21 | 2004-05-21 | 2004-04-21 | 2004-03-21 | 2004-02-21 | 2004-01-21 | 2003-12-21 | 2003-11-21 | 2003-10-21 | 2003-09-21 | 2003-08-21 | 2003-07-21 | 2003-06-21 | 2003-05-21 | 2003-04-21 | 2003-03-21 | 2003-02-21 | 2003-01-21 | 2002-12-21 | 2002-11-21 | 2002-10-21 | 2002-09-21 | 2002-08-21 | 2002-07-21 | 2002-06-21 | 2002-05-21 | 2002-04-21 | 2002-03-21 | 2002-02-21 | 2002-01-21 | 2001-12-21 | 2001-11-21 | 2001-10-21 | 2001-09-21 | 2001-08-21 | 2001-07-21 | 2001-06-21 | 2001-05-21 | 2001-04-21 | 2001-03-21 | 2001-02-21 | 2001-01-21 | 2000-12-21 | 2000-11-21 | 2000-10-21 | 2000-09-21 | 2000-08-21 | 2000-07-21 | 2000-06-21 | 2000-05-21 | 2000-04-21 | 2000-03-21 | 2000-02-21 | 2000-01-21 | 1999-12-21

Key: Value:

Key: Value:

MESSAGE
DATE 2024-08-10
FROM shulie
SUBJECT Subject: [Hangout - NYLXS] Chinese backdoors




Linux Threat Report: Earth Lusca Deploys Novel SprySOCKS Backdoor in
Attacks on Government Entities

by Jamieson Davis
on September 19, 2023

The threat actor Earth Lusca, linked to Chinese state-sponsored hacking
groups, has been observed utilizing a new Linux backdoor dubbed
SprySOCKS to target government organizations globally. 

As initially reported in January 2022 by Trend Micro, Earth Lusca has
been active since at least 2021 conducting cyber espionage campaigns
against public and private sector targets in Asia, Australia, Europe,
and North America. Their tactics include spear-phishing and watering
hole attacks to gain initial access. Some of Earth Lusca's activities
overlap with another Chinese threat cluster known as RedHotel.

In new research, Trend Micro reveals Earth Lusca remains highly active,
even expanding operations in the first half of 2023. Primary victims are
government departments focused on foreign affairs, technology, and
telecommunications. Attacks concentrate in Southeast Asia, Central Asia,
and the Balkans regions. 

After breaching internet-facing systems by exploiting flaws in Fortinet,
GitLab, Microsoft Exchange, Telerik UI, and Zimbra software, Earth Lusca
uses web shells and Cobalt Strike to move laterally. Their goal is
exfiltrating documents and credentials, while also installing additional
backdoors like ShadowPad and Winnti for long-term spying.

The Command and Control server delivering Cobalt Strike was also found
hosting SprySOCKS - an advanced backdoor not previously publicly
reported. With roots in the Windows malware Trochilus, SprySOCKS
contains reconnaissance, remote shell, proxy, and file operation
capabilities. It communicates over TCP mimicking patterns used by a
Windows trojan called RedLeaves, itself built on Trochilus.

At least two SprySOCKS versions have been identified, indicating ongoing
development. This novel Linux backdoor deployed by Earth Lusca
highlights the increasing sophistication of Chinese state-sponsored
threats. Robust patching, access controls, monitoring for unusual
activities, and other proactive defenses remain essential to counter
this advanced malware.

The Trend Micro researchers emphasize that organizations must minimize
attack surfaces, regularly update systems, and ensure robust security
hygiene to interrupt the tactics, techniques, and procedures of
relentless threat groups like Earth Lusca.


_______________________________________________
Hangout mailing list
Hangout-at-nylxs.com
http://lists.mrbrklyn.com/mailman/listinfo/hangout

  1. 2024-08-02 Ruben Safir <ruben-at-mrbrklyn.com> Subject: [Hangout - NYLXS] Spyware you pay for..
  2. 2024-08-02 Ruben Safir <mrbrklyn-at-panix.com> Subject: [Hangout - NYLXS] [noreply-at-studentaid.gov: Upcoming student debt
  3. 2024-08-02 Ruben Safir <ruben-at-mrbrklyn.com> Subject: [Hangout - NYLXS] [nj-at-nj.pcsjobs.org: Shortcut to a Lucrative
  4. 2024-08-02 Ruben Safir <ruben-at-mrbrklyn.com> Subject: [Hangout - NYLXS] Exactly what IS political corruption?
  5. 2024-08-02 Ruben Safir <ruben-at-mrbrklyn.com> Re: [Hangout - NYLXS] Exactly what IS political corruption?
  6. 2024-08-02 Ruben Safir <ruben-at-mrbrklyn.com> Re: [Hangout - NYLXS] Exactly what IS political corruption?
  7. 2024-08-05 Ruben Safir <ruben-at-mrbrklyn.com> Subject: [Hangout - NYLXS] Rape as a weapon in detail in the Arab war
  8. 2024-08-06 From: "Professional Career Services" <nj-at-nj.pcsjobs.org> Subject: [Hangout - NYLXS] Open House tonight! Masters in Accounting
  9. 2024-08-06 Ruben Safir <ruben-at-mrbrklyn.com> Subject: [Hangout - NYLXS] In a day loaded with news,
  10. 2024-08-08 Mithun Bhattacharya <mithnb-at-gmail.com> Re: [Hangout - NYLXS] reasons for modperl declines?
  11. 2024-08-08 Jeff Pang <jeff-at-simplemail.co.in> Re: [Hangout - NYLXS] reasons for modperl declines?
  12. 2024-08-08 Jeff Pang <jeff-at-simplemail.co.in> Re: [Hangout - NYLXS] reasons for modperl declines?
  13. 2024-08-07 Jeff Pang <jeff-at-simplemail.co.in> Subject: [Hangout - NYLXS] reasons for modperl declines?
  14. 2024-08-08 Guido Brugnara <gdo-at-leader.it> Re: [Hangout - NYLXS] reasons for modperl declines? ... pagination
  15. 2024-08-08 Guido Brugnara <gdo-at-leader.it> Re: [Hangout - NYLXS] reasons for modperl declines?
  16. 2024-08-08 Vincent Veyron <vv.lists-at-wanadoo.fr> Re: [Hangout - NYLXS] *** SPAM *** Re: reasons for modperl declines?
  17. 2024-08-08 Guido Brugnara <gdo-at-leader.it> Re: [Hangout - NYLXS] reasons for modperl declines?
  18. 2024-08-07 Jan Kasprzak <kas-at-fi.muni.cz> Re: [Hangout - NYLXS] reasons for modperl declines?
  19. 2024-08-08 Ruben Safir <ruben-at-mrbrklyn.com> Subject: [Hangout - NYLXS] [edwardjsabol-at-gmail.com: Re: cross-site scripting
  20. 2024-08-09 Ruben Safir <ruben-at-mrbrklyn.com> Subject: [Hangout - NYLXS] Fwd: What the Cori Bush defeat and the Tim Walz
  21. 2024-08-09 Ruben Safir <ruben-at-mrbrklyn.com> Subject: [Hangout - NYLXS] More Red Paint
  22. 2024-08-09 Ruben Safir <ruben-at-mrbrklyn.com> Subject: [Hangout - NYLXS] Jew hating Bigots and Journalist went to arrested
  23. 2024-08-10 Ruben Safir <ruben-at-mrbrklyn.com> Subject: [Hangout - NYLXS] Ancient Calender
  24. 2024-08-10 shulie <shulie_release-at-optimum.net> Subject: [Hangout - NYLXS] Chinese backdoors
  25. 2024-08-11 Ruben Safir <ruben-at-mrbrklyn.com> Subject: [Hangout - NYLXS] linux adim texts
  26. 2024-08-13 Ruben Safir <ruben-at-mrbrklyn.com> Subject: [Hangout - NYLXS] the rage to destroy -
  27. 2024-08-13 Ruben Safir <ruben-at-mrbrklyn.com> Subject: [Hangout - NYLXS] The kids are alright..
  28. 2024-08-14 Ruben Safir <ruben-at-mrbrklyn.com> Subject: [Hangout - NYLXS] DRM is theft
  29. 2024-08-15 Ruben Safir <ruben-at-mrbrklyn.com> Subject: [Hangout - NYLXS] Drug Price Controlls Bullshit
  30. 2024-08-16 Ruben Safir <ruben-at-mrbrklyn.com> Subject: [Hangout - NYLXS] Iran - New Zealand - all the same
  31. 2024-08-17 Ruben Safir <ruben-at-mrbrklyn.com> Subject: [Hangout - NYLXS] online privacy
  32. 2024-08-17 Ruben Safir <mrbrklyn-at-panix.com> Subject: [Hangout - NYLXS] Frontline on Israel
  33. 2024-08-18 Ruben Safir <ruben-at-mrbrklyn.com> Subject: [Hangout - NYLXS] Gaza Abductions live video
  34. 2024-08-18 Ruben Safir <ruben-at-mrbrklyn.com> Re: [Hangout - NYLXS] Gaza Abductions live video
  35. 2024-08-25 Ruben Safir <ruben-at-mrbrklyn.com> Subject: [Hangout - NYLXS] Just before Shabbat my phone and email lit up
  36. 2024-08-25 Ruben Safir <ruben-at-mrbrklyn.com> Subject: [Hangout - NYLXS] Parental Alienation is a mess..
  37. 2024-08-25 Ruben Safir <ruben-at-mrbrklyn.com> Subject: [Hangout - NYLXS] 3000 missles a day..
  38. 2024-08-26 Ruben Safir <ruben-at-mrbrklyn.com> Subject: [Hangout - NYLXS] Say what?
  39. 2024-08-26 Ruben Safir <mrbrklyn-at-panix.com> Re: [Hangout - NYLXS] Say what?
  40. 2024-08-28 Ruben Safir <ruben-at-mrbrklyn.com> Subject: [Hangout - NYLXS] Get off the train

NYLXS are Do'ers and the first step of Doing is Joining! Join NYLXS and make a difference in your community today!