OrBit (Re)turns: Tracking an open-source Linux rootkit across four years of forks and deployments

The OrBit Linux rootkit is not novel malware but a selectively weaponized fork of the open-source Medusa rootkit, repurposed and redeployed by multiple unrelated threat actors over four years, illustrating how public offensive tooling enables diverse and persistent real-world attacks through simple build and configuration changes rather than new code development.