Researchers say five Chinese-language APT groups are using the same Linux toolset, which was used in a series of targeted attacks. The groups were tied to the Winnti Group, a gang that specializes in supply-chain attacks. The toolset contains six different pieces of malware, including a rootkit and a backdoor. The fifth item is an attacker control panel with its own graphical user interface, capable of managing both Windows and Linux targets simultaneously. The sixth item is the Linux XOR DDoS botnet, which first came to notice in 2015.
Source: https://threatpost.com/black-hat-linux-spyware-stack-chinese-apts/158092/

