Reptile Rootkit Targets Linux Systems in South Korea

Threat Level
Attack Report

Summary

Reptile is an open-source Linux rootkit that goes beyond concealment: it offers attackers a reverse shell and uses port knocking for control. It has been observed in attacks, including ones in which Chinese groups exploited zero-days. Similarities to the Mélofée malware suggest potential connections in attack strategies.

To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.