{"id":146591,"date":"2022-09-17T21:23:41","date_gmt":"2022-09-18T02:23:41","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2022\/09\/sparklinggoblin-apt-hackers-using-new-linux-variant-of-sidewalk-backdoor"},"modified":"2022-09-17T21:23:41","modified_gmt":"2022-09-18T02:23:41","slug":"sparklinggoblin-apt-hackers-using-new-linux-variant-of-sidewalk-backdoor","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2022\/09\/sparklinggoblin-apt-hackers-using-new-linux-variant-of-sidewalk-backdoor","title":{"rendered":"SparklingGoblin APT Hackers Using New Linux Variant of SideWalk Backdoor"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/sparklinggoblin-apt-hackers-using-new-linux-variant-of-sidewalk-backdoor.jpg\"><\/a><\/p>\n<p>SparklingGoblin is the name given to a Chinese advanced persistent threat (APT) group with connections to the <a href=\"https:\/\/www.mandiant.com\/resources\/blog\/apt41-dual-espionage-and-cyber-crime-operation\" rel=\"noopener\" target=\"_blank\">Winnti umbrella<\/a> (aka APT41, Barium, Earth Baku, or Wicked Panda). 
It\u2019s primarily known for its attacks targeting various entities in East and Southeast Asia since at least 2019, with a specific focus on the academic sector.<\/p>\n<p>In August 2021, ESET unearthed a new piece of custom Windows malware codenamed <a href=\"https:\/\/thehackernews.com\/2021\/08\/new-sidewalk-backdoor-targets-us-based.html\" rel='noopener' target=\"_blank\">SideWalk<\/a> (aka <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cybercrime-and-digital-threats\/earth-baku-returns\" rel='noopener' target=\"_blank\">ScrambleCross<\/a>) that was exclusively leveraged by the actor to strike an unnamed computer retail company based in the U.S.<\/p>\n<p>Subsequent findings from Symantec, part of Broadcom Software, have linked the use of SideWalk to an espionage attack group it tracks under the moniker <a href=\"https:\/\/thehackernews.com\/2021\/09\/experts-link-sidewalk-malware-attacks.html\" rel=\"noopener\" target=\"_blank\">Grayfly<\/a>, while pointing out the malware\u2019s similarities to Crosswalk.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>SparklingGoblin is the name given to a Chinese advanced persistent threat (APT) group with connections to the Winnti umbrella (aka APT41, Barium, Earth Baku, or Wicked Panda). It\u2019s primarily known for its attacks targeting various entities in East and Southeast Asia since at least 2019, with a specific focus on the academic sector. 
In August [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34],"tags":[],"class_list":["post-146591","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/146591","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=146591"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/146591\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=146591"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=146591"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=146591"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}