The APT27 hacking group, aka "Iron Tiger," has prepared a new Linux version of its SysUpdate custom remote access malware, allowing the Chinese cyberespionage group to target more services used in the enterprise.

According to a new report by Trend Micro, the hackers first tested the Linux version in July 2022. However, only in October 2022 did multiple payloads begin circulating in the wild. 

The new malware variant is written in C++ using the Asio library, and its functionality is very similar to Iron Tiger's Windows version of SysUpdate.

The threat actor's interest in expanding the targeting scope to systems beyond Windows became evident last summer when SEKOIA and Trend Micro reported seeing APT27 targeting Linux and macOS systems using a new backdoor named "rshell."