Linux Backdoor RedXOR Likely Operated by Chinese Nation-State
released on 2021-03-10 @ 08:58:26 PM
Intezer has discovered a new sophisticated backdoor targeting Linux endpoints and servers. Based on its Tactics, Techniques, and Procedures (TTPs), the backdoor is believed to have been developed by Chinese nation-state actors. The backdoor masquerades as a polkit daemon. Intezer named it RedXOR after its XOR-based network data encoding scheme. The malware was compiled on Red Hat Enterprise Linux.
We provide recommendations for detecting and responding to this threat below.