Caketap Rootkit by UNC2891 Targets Bank Customers
The LightBasin threat actor is using the new Unix rootkit Caketap against servers running Oracle Solaris. Caketap can hide network connections, processes, and files, and can install hooks into system functions to receive remote commands and configurations. The group has mostly targeted Oracle Solaris-based systems with the TINYSHELL and SLAPSTICK backdoors.