Chinese Hackers Using KEYPLUG Backdoor to Attack Windows & Linux Systems
1 min read
Apr 02, 2023
It has been reported by the Recorded Future’s Insikt Group that RedGolf, a Chinese state-sponsored threat actor group, was using a backdoor designed especially for Windows and Linux systems called KEYPLUG to infiltrate networks.
As one of the world’s most prolific threat groups, RedGolf has been active against a variety of industries around the world for many years.
There is a history of this group developing and using a variety of custom malware families over the years. It has demonstrated an ability to weaponize newly reported vulnerabilities quickly.
During 2021 and 2022, RedGolf targeted US state government entities using KEYPLUG, a custom and modular Linux backdoor.
Several KEYPLUG samples and infrastructures that RedGolf used from at least 2021 until 2023 have been identified by Insikt Group.
Related Articles
1 - 0 min read
Hacked VMs Reveal New Attack Risks
1 - 0 min read
Millions Of GitHub Repositories Infected With Malicious Code
1 - 0 min read
New GhostRace Attack Impacts Major CPU, Software Vendors
