Operation BlackTech ELF_TSCookie

The BlackTech threat actor has been in operation since at least 2012 and is known to target government agencies and private organizations with multiple malware families, including PLEAD and TSCookie. In early 2020 it was discovered that the cyber espionage group is also responsible for a variant of TSCookie targeted at the Linux operating system. The new variant differs from the Windows version in several ways, including only one communication channel, various code changes, and additional features by default.
