A previously undocumented Linux backdoor attributed to China-linked threat group APT41 (Winnti) has been uncovered, targeting cloud workloads across AWS, GCP, Azure, and Alibaba Cloud. The ELF-based implant, currently showing zero detections on VirusTotal, transforms Linux servers into stealthy credential theft nodes using a novel SMTP-based command-and-control (C2) mechanism. The discovery indicates a new phase in APT41’s Linux and cloud-targeted […] The post APT41 Targets Linux Cloud Servers With New Winnti Backdoor appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
First seen on gbhackers.com
Jump to article: gbhackers.com/new-winnti-backdoor/
