IPsec Helper is a backdoor implant used by the Agrius APT. Agrius is attributed to Iran and allegedly targets Israeli systems. IPsec Helper is written in .NET and provides many services to its operator.
Linux, which was assumed to be "safe" from malware, is getting attention from attackers. RedXOR is a Linux malware allegedly attributed to Chinese hackers.
Kobalos is a new malware that targets Linux, FreeBSD and Solaris high-performance computing systems. Its targets are carefully selected.
FireEye and other users of the SolarWinds Orion IT monitoring and management software were compromised through the SolarWinds supply chain attack. The threat actor behind this attack is identified as UNC2452 or Dark Halo.
PowerPepper is a Windows in-memory PowerShell backdoor that can execute remotely sent shell commands. It is associated with DeathStalker (formerly called Deceptikons), a threat actor known to be active since 2012. The threat actor consistently used what are called "dead-drop resolvers" (DDRs): obfuscated content hosted on major public web services such as YouTube, Twitter or Reddit. Once decoded by the malware, this content reveals a command-and-control (C2) server address.