
VoidLink threat analysis: Sysdig discovers C2-compiled kernel rootkits

ID: 27a3db26-5a28-515f-a949-f3562493400f

STIX ID: report--27a3db26-5a28-515f-a949-f3562493400f

Feed Name: Sysdig Blog

Threat Score: 85/100

Date Published: 2026-01-16

Date Updated: 2026-05-01

...
...

**Executive summary:** Sysdig TRT analyzed VoidLink, a sophisticated Linux malware framework that uses a three-stage fileless loader (written in Zig), server-side rootkit compilation to produce kernel modules tailored to each victim's kernel, eBPF/LKM-based stealth hooks, adaptive EDR/CDR profiling, ICMP covert control, and cloud-native escape/privilege-escalation plugins; the report includes IOCs (hashes, C2 IP and endpoints, file and process artifacts) and detection/mitigation recommendations for runtime monitoring and kernel/eBPF auditing.
