SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: American intelligence agencies warn of uptick in Taidoor infections
Description: American intelligence agencies released a joint statement last week warning government agencies, contractors and think tanks of the Taidoor malware. Taidoor is believed to date back to 2008, having been spotted in the wild since 2012. The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), the Department of Defense's Cyber Command (CyberCom), and the FBI issued a joint statement outlining the new strain of malware, which masks its communication with a command and control (C2) server. The RAT carries out multiple espionage activities, including exfiltrating files.
Snort SIDs: 54801
Title: Linux malware used to infiltrate sensitive networks
Description: A new malware strain believed to originate from Russian state-sponsored actors is targeting networks that hold sensitive intelligence information. Known as Drovorub, CISA says the malware went undetected until recently, spying on networks and exfiltrating sensitive information. Drovorub is a fully functioning toolkit that includes the ability to infect Linux devices, a kernel module to gain persistence and avoid detection, a server that reaches out to a C2, and an agent to act as an intermediary between infected machines and attacker-controlled servers. Linux users are urged to upgrade to kernel version 3.7 or later.
Snort SIDs: 54793