Illuminating VoidLink: Technical analysis of the VoidLink rootkit framework
ID: 946d6aa8-7e1c-504c-a23f-6e52e699096e
STIX ID: report--946d6aa8-7e1c-504c-a23f-6e52e699096e
Feed Name: Elastic Security Labs
## Executive summary

This report analyzes leaked source code and binaries for VoidLink, a sophisticated hybrid Linux kernel rootkit (LKM + eBPF) that provides process and network hiding, an ICMP-based covert command channel with runtime credential rotation, privilege escalation, anti-forensics/anti-debugging, delayed hook initialization, and integration with fileless implants. The dump contains multi-generation development artifacts, compiled .ko files, Alibaba Cloud operator IPs, and detection/remediation guidance.
