The EU Is Going Through a Trump-Fueled Breakup With Big Tech


As tensions between President Donald Trump and Europe continue to simmer, the continent is accelerating its moves to reduce its addiction to US technology. Cities and governments are ditching Microsoft Office for open-source alternatives, shifting to European cloud hosting for local AI, and moving defense data to systems without American involvement. Nowhere has this been more clear than in France.

Over the last few months, the French government has sped up its efforts to develop and deploy its own technology for government officials. The country has, arguably, emerged at the head of Europe’s growing digital sovereignty push, which aims to cut some reliance on US-based technology over concerns around data security, the Trump administration’s unpredictability, and changing prices. French budget minister David Amiel recently called for the state to “break free” from American systems and use those it can control.

“We are not just explaining what we want to do,” Stéphanie Schaer, the head of DINUM, France’s digital transformation ministry, tells WIRED over a call on the nation’s video-calling platform Visio. “We already did it in a few matters.” So far, more than 40,000 French government staff have started using the home-grown video platform, while the rest will move away from Zoom, Microsoft Teams, and others by 2027. “We are confident enough to use it every day and we are not dependent on just one actor that will tell us you have to use my video conference,” Schaer says.

Across France’s central government agencies and vast civil service, officials plan to shift to as many French, European, and open source technology alternatives as possible in the coming years. Schaer says it is important for the French government to be in control of the technology that it is using, with data being stored locally in the country, not abroad.

As part of this, DINUM has been developing a set of productivity tools, collectively called “LaSuite,” since at least 2023. As well as Visio, it includes the instant messaging app Tchap, Messagerie for email (in place of Gmail or Outlook), Fichiers for documents and file sharing, the text editor Docs, and Grist for spreadsheets. Some of the software is still in beta and has not been fully rolled out to French officials yet. However, Tchap already has 420,000 active users, Schaer says, with 20,000 civil servants adopting it each month.

“We are based on open source software. So we don’t develop all the code,” Schaer says. There are public plans for new features, although the code is published on Microsoft-owned GitHub. All data handled by the alternatives has to be processed in France and stored with providers who have approval from the country’s cybersecurity agency, ANSSI. Earlier this month, the Dutch government moved its open-source code off GitHub and onto a Forgejo instance hosted on government-owned servers.

While open source is key, the French government is also working with other countries and private firms on the development of its tools. “We can reuse what has been developed by the community and we contribute to this community,” Schaer says. For instance, Visio, which can host calls of up to 150 people and has AI transcription of calls, is built on technology from French firms Outscale and Pyannote.

While Schaer’s department is aiming to lead by example, all of France’s central government agencies have to come up with plans to move away from US tech—across office software, antivirus, AI, databases, and more—by this fall. On April 23, French officials also announced the country will move its health data platform away from Microsoft to local cloud provider Scaleway, after a years-long decision process.

Stealthy Malware Has Infected Thousands of Linux Systems for Years


Other discussions include: Reddit, Stack Overflow (Spanish), forobeta (Spanish), brainycp (Russian), natnetwork (Indonesian), Proxmox (Deutsch), Camel2243 (Chinese), svrforum (Korean), exabytes, virtualmin, serverfault and many others.

After exploiting a vulnerability or misconfiguration, the exploit code downloads the main payload from a server which, in most cases, has itself been hacked by the attacker and converted into a channel for distributing the malware anonymously. An attack that targeted the researchers’ honeypot named the payload httpd. Once executed, the file copies itself from memory to a new location in the /tmp directory, runs that copy, and then terminates the original process and deletes the downloaded binary.

Once moved to the /tmp directory, the file executes under a different name, which mimics the name of a known Linux process. The file hosted on the honeypot was named sh. From there, the file establishes a local command-and-control process and attempts to gain root system rights by exploiting CVE-2021-4043, a privilege-escalation vulnerability that was patched in 2021 in Gpac, a widely used open source multimedia framework.

The malware goes on to copy itself from memory to a handful of other disk locations, once again using names that appear as routine system files. The malware then drops a rootkit, a host of popular Linux utilities that have been modified to serve as rootkits, and the miner. In some cases, the malware also installs software for “proxy-jacking,” the term for surreptitiously routing traffic through the infected machine so the true origin of the data isn’t revealed.

The researchers continued:

As part of its command-and-control operation, the malware opens a Unix socket, creates two directories under the /tmp directory, and stores data there that influences its operation. This data includes host events, locations of the copies of itself, process names, communication logs, tokens, and additional log information. Additionally, the malware uses environment variables to store data that further affects its execution and behavior.

All the binaries are packed, stripped, and encrypted, indicating significant efforts to bypass defense mechanisms and hinder reverse engineering attempts. The malware also uses advanced evasion techniques, such as suspending its activity when it detects a new user in the btmp or utmp files and terminating any competing malware to maintain control over the infected system.

By extrapolating data such as the number of Linux servers connected to the internet across various services and applications, as tracked by services such as Shodan and Censys, the researchers estimate that the number of machines infected by Perfctl is measured in the thousands. They say that the pool of vulnerable machines—meaning those that have yet to install the patch for CVE-2023-33426 or contain a vulnerable misconfiguration—is in the millions. The researchers have yet to measure the amount of cryptocurrency the malicious miners have generated.

People who want to determine if their device has been targeted or infected by Perfctl should look for indicators of compromise included in Thursday’s post. They should also be on the lookout for unusual spikes in CPU usage or sudden system slowdowns, particularly if they occur during idle times. Thursday’s report also provides steps for preventing infections in the first place.
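The behavior described above (a copy dropped into /tmp, executed under a name that mimics a system process, with the downloaded binary deleted after launch) leaves traces in /proc that can be checked without the researchers' full indicator list. The following triage script is an added example written for this page; it is not code from the Ars Technica story or from the researchers' report. The trusted and scratch directory lists and the set of mimicked names are assumptions, and the sample snapshot is constructed rather than captured from an infected host.

```python
"""Triage a Linux process snapshot for the traits the article describes.

Added example for this page, not the researchers' tooling. Rules:
  1. the executable was unlinked after launch (runs from memory only),
  2. the executable lives in a world-writable scratch directory,
  3. the process name matches a system daemon or shell but the binary
     does not come from a trusted install location.
"""
import os

# Where a legitimately installed binary is expected to live.
# Assumption: extend for distributions that install under /opt or similar.
TRUSTED_PREFIXES = ("/usr/bin/", "/usr/sbin/", "/bin/", "/sbin/",
                    "/usr/lib/", "/usr/libexec/",
                    "/usr/local/bin/", "/usr/local/sbin/")

# Scratch locations used to stage second-stage payloads; the article
# describes the malware copying itself into /tmp.
SCRATCH_PREFIXES = ("/tmp/", "/var/tmp/", "/dev/shm/")

# Names the article mentions (httpd, sh) plus other commonly borrowed ones.
# Assumption: tune this set for the daemons actually present on your hosts.
MIMICKED_NAMES = {"sh", "bash", "httpd", "sshd", "crond", "kworker", "perfctl"}


def classify(proc):
    """Return the list of rules a single process record triggers.

    proc has keys 'pid', 'comm' (the process name from /proc/<pid>/comm)
    and 'exe' (the /proc/<pid>/exe link target exactly as readlink gives it).
    """
    reasons = []
    exe, comm = proc["exe"], proc["comm"]
    if exe.endswith(" (deleted)"):
        # The kernel appends this suffix once the on-disk file is unlinked.
        reasons.append("executable deleted from disk after launch")
    if exe.startswith(SCRATCH_PREFIXES):
        reasons.append("running from a scratch directory")
    if comm in MIMICKED_NAMES and not exe.startswith(TRUSTED_PREFIXES):
        reasons.append("system-like name but untrusted executable path")
    return reasons


def triage(snapshot):
    """Return {pid: reasons} for every record that triggers at least one rule."""
    hits = {}
    for proc in snapshot:
        reasons = classify(proc)
        if reasons:
            hits[proc["pid"]] = reasons
    return hits


def collect_snapshot():
    """Read a live /proc into the record format used above (Linux only)."""
    snapshot = []
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        try:
            exe = os.readlink(f"/proc/{entry}/exe")
            with open(f"/proc/{entry}/comm") as fh:
                comm = fh.read().strip()
        except OSError:
            # Kernel threads have no exe link, and other users' processes are
            # unreadable without root; skip rather than guess.
            continue
        snapshot.append({"pid": int(entry), "comm": comm, "exe": exe})
    return snapshot


# Constructed sample snapshot, not captured from a real system. The two
# suspicious entries use the names the article reports: sh and httpd.
SAMPLE_SNAPSHOT = [
    {"pid": 812, "comm": "sshd", "exe": "/usr/sbin/sshd"},
    {"pid": 1501, "comm": "httpd", "exe": "/usr/sbin/httpd"},
    {"pid": 4411, "comm": "sh", "exe": "/tmp/sh"},
    {"pid": 4412, "comm": "httpd", "exe": "/tmp/httpd (deleted)"},
    {"pid": 4413, "comm": "python3", "exe": "/usr/bin/python3.11"},
]

if __name__ == "__main__":
    # Run against the constructed sample; on a live host use collect_snapshot().
    for pid, reasons in sorted(triage(SAMPLE_SNAPSHOT).items()):
        print(pid, "; ".join(reasons))
```

Two caveats apply when running this on real hosts. A "(deleted)" executable also appears for any long-running daemon whose package was upgraded underneath it, so rule 1 alone is a lead, not a verdict; pair it with the path and name rules. And because the report says the malware pauses when a new login appears in btmp or utmp, the CPU-spike symptom the article mentions will not show while you are logged in; a process-table check like this one, scheduled from cron rather than typed interactively, does not depend on the miner being active at that moment.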

This story originally appeared on Ars Technica.