Threat Research

    VoidLink is a sophisticated malware framework composed of custom loaders, implants, rootkits, and modular plugins that enable persistent access to Linux systems. It is built to function reliably in cloud and containerized environments, with a strong focus on long-term operations....
    Attackers leveraged a Cisco SNMP vulnerability (CVE-2025-20352) to install Linux rootkits on outdated and unsecured systems. This allowed them to achieve remote code execution (RCE) and maintain persistent, unauthorized access by setting universal passwords and embedding hooks into the IOSd memory space....
    The Earth Kurma APT campaign targets government and telecommunications sectors in Southeast Asia, particularly in the Philippines, Vietnam, Thailand, and Malaysia. This sophisticated attack uses advanced malware, including custom rootkits and cloud storage for data exfiltration....
    In this analysis, we examined the rootkit malware in detail. We first described how the kernel module establishes a Netfilter hook function on NF_INET_PRE_ROUTING to intercept incoming TCP traffic directed to the compromised system....
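As an added example (not the rootkit's code and not code from the analysis above), the following userspace C model shows what a Netfilter NF_INET_PRE_ROUTING hook that only cares about incoming TCP has to do on every packet it is handed: walk the IPv4 header by its IHL, test the protocol field, then read ports and flags from the TCP header. The verdict constants and header offsets mirror the kernel's; the function names, the `pkt_info` struct and the two packet byte strings are constructed here for illustration. In a real module the hook signature is `unsigned int hook(void *priv, struct sk_buff *skb, const struct nf_hook_state *state)`, registered through a `struct nf_hook_ops` with `.pf = PF_INET` and `.hooknum = NF_INET_PRE_ROUTING` via `nf_register_net_hook()`.

```c
/* Userspace model of a PRE_ROUTING hook that inspects incoming TCP only.
 * Added example, not the rootkit's code. Header layouts and verdict values
 * follow the kernel; sample packets below are constructed by hand. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Netfilter verdicts, values as in linux/netfilter.h. */
#define NF_DROP   0
#define NF_ACCEPT 1
#define NF_STOLEN 2

#define PROTO_TCP 6   /* IPPROTO_TCP */

struct pkt_info {            /* illustrative struct, not a kernel type */
    int      is_tcp;
    uint16_t src_port;
    uint16_t dst_port;
    uint8_t  tcp_flags;
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Parse an IPv4 packet and, if it carries TCP, its transport header.
 * Returns 0 on success (is_tcp tells whether TCP fields are filled),
 * -1 if the packet is malformed. */
static int parse_ipv4_tcp(const uint8_t *buf, size_t len, struct pkt_info *out)
{
    memset(out, 0, sizeof *out);
    if (len < 20 || (buf[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(buf[0] & 0x0f) * 4u;      /* header length in bytes */
    if (ihl < 20 || len < ihl) return -1;
    size_t tot = be16(buf + 2);                      /* total length field */
    if (tot < ihl || tot > len) return -1;
    if (buf[9] != PROTO_TCP) return 0;               /* not TCP: nothing to inspect */
    if (tot - ihl < 20) return -1;                   /* truncated TCP header */
    const uint8_t *tcp = buf + ihl;
    out->is_tcp    = 1;
    out->src_port  = be16(tcp);
    out->dst_port  = be16(tcp + 2);
    out->tcp_flags = tcp[13];
    return 0;
}

/* Hook body: lets every packet through, counting the TCP segments it
 * would have inspected. A real hook never sees malformed packets, since
 * ip_rcv() drops them before NF_INET_PRE_ROUTING runs; we return NF_DROP
 * here so the caller can see the distinction. */
static unsigned int pre_routing_hook(const uint8_t *buf, size_t len, unsigned int *seen)
{
    struct pkt_info pi;
    if (parse_ipv4_tcp(buf, len, &pi) < 0)
        return NF_DROP;
    if (pi.is_tcp) {
        (*seen)++;
        printf("tcp %u -> %u flags=0x%02x\n",
               (unsigned)pi.src_port, (unsigned)pi.dst_port, (unsigned)pi.tcp_flags);
    }
    return NF_ACCEPT;
}

/* Constructed sample: IPv4 10.0.0.1 -> 10.0.0.2, TCP 1234 -> 22, SYN. */
static const uint8_t sample_tcp_syn[40] = {
    0x45, 0x00, 0x00, 0x28, 0x00, 0x01, 0x00, 0x00, 0x40, 0x06, 0x00, 0x00,
    0x0a, 0x00, 0x00, 0x01, 0x0a, 0x00, 0x00, 0x02,
    0x04, 0xd2, 0x00, 0x16, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
    0x50, 0x02, 0x00, 0xff, 0x00, 0x00, 0x00, 0x00,
};

/* Constructed sample: same hosts, UDP 1234 -> 53, 8-byte UDP header only. */
static const uint8_t sample_udp[28] = {
    0x45, 0x00, 0x00, 0x1c, 0x00, 0x02, 0x00, 0x00, 0x40, 0x11, 0x00, 0x00,
    0x0a, 0x00, 0x00, 0x01, 0x0a, 0x00, 0x00, 0x02,
    0x04, 0xd2, 0x00, 0x35, 0x00, 0x08, 0x00, 0x00,
};

/* Run both samples through the hook; returns how many TCP packets it saw. */
static unsigned int hook_sees_tcp_only(void)
{
    unsigned int seen = 0;
    pre_routing_hook(sample_tcp_syn, sizeof sample_tcp_syn, &seen);
    pre_routing_hook(sample_udp, sizeof sample_udp, &seen);
    return seen;
}

/* Destination port parsed from the TCP sample, 0 on parse failure. */
static unsigned int sample_tcp_dst_port(void)
{
    struct pkt_info pi;
    return parse_ipv4_tcp(sample_tcp_syn, sizeof sample_tcp_syn, &pi) == 0 ? pi.dst_port : 0;
}

int main(void)
{
    printf("tcp packets inspected: %u\n", hook_sees_tcp_only());
    return 0;
}
```

Running it prints the one TCP segment and a count of 1; the UDP datagram passes the hook untouched, which is exactly why a defender looking for this class of rootkit should examine the hook list at NF_INET_PRE_ROUTING rather than rely on a netstat-style view that the implant's TCP handling can bypass.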