Security researchers at Intezer have discovered a previously undocumented backdoor dubbed RedXOR, with links to a Chinese-sponsored hacking group and used in ongoing attacks targeting Linux systems.
The RedXOR malware samples found by Intezer were uploaded to VirusTotal (1, 2) from Taiwan and Indonesia (known targets for Chinese state hackers) and have low detection rates.
Based on command-and-control servers still being active, the Linux backdoor is being used in ongoing attacks targeting both Linux servers and endpoints.
