China-linked APT Gelsemium has deployed a new Linux backdoor called WolfsBane in attacks targeting East and Southeast Asia.
WolfsBane is a Linux version of Gelsevirine, a Windows backdoor previously used by the Gelsemium APT.
The shift to targeting Linux reflects APT groups adapting to enhanced Windows defenses and focusing on vulnerabilities in internet-facing Linux systems.
The initial access method used by Gelsemium APT is still unclear, but researchers believe web application vulnerabilities were exploited.