China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy via Telecom Networks
Briefly

"Unlike conventional malware, BPFdoor does not expose listening ports or maintain visible command-and-control channels. Instead, it abuses Berkeley Packet Filter (BPF) functionality to inspect network traffic directly inside the kernel, activating only when it receives a specifically crafted trigger packet."
"There is no persistent listener or obvious beaconing. The result is a hidden trapdoor embedded within the operating system itself."
A long-term campaign attributed to a China-nexus threat actor, known as Red Menshen, has infiltrated telecom networks for espionage against government systems. This group has targeted telecom providers in the Middle East and Asia since 2021. The campaign employs advanced techniques, including kernel-level implants and credential-harvesting tools, allowing persistent access to networks. A notable tool is BPFDoor, which operates stealthily without exposing listening ports. Initial access is gained through vulnerabilities in internet-facing infrastructure and edge services from major vendors.
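The quoted description above is the reason a BPFDoor-style implant is invisible to a listening-port inventory: it holds a raw packet socket with a BPF filter attached rather than a bound TCP or UDP port. One defender-side check that follows directly from that is to enumerate AF_PACKET sockets, which Linux lists in /proc/net/packet, and map each socket inode back to its owning process through the /proc/<pid>/fd symlinks. The script below is an added example written for this summary; it is not code from The Hacker News article or from the researchers who analysed the campaign. The sample /proc/net/packet listing, the process names and the allowlist of capture tools are constructed for illustration.

```python
"""Enumerate raw AF_PACKET sockets and name the process that owns each one.

A socket-filter implant needs a packet socket on an interface to see traffic,
so it appears in /proc/net/packet even though `ss -ltn` shows nothing.
"""
import os
import re
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

SOCK_RAW = 3        # 'Type' column: SOCK_RAW packet socket (SOCK_DGRAM is 2)
ETH_P_ALL = 0x0003  # 'Proto' column: socket receives every Ethernet protocol


@dataclass
class PacketSocket:
    sock_type: int
    proto: int
    iface_index: int
    uid: int
    inode: int


def parse_proc_net_packet(text: str) -> List[PacketSocket]:
    """Parse the /proc/net/packet table (header line, then one row per socket).

    Columns: sk RefCnt Type Proto Iface R Rmem User Inode
    """
    sockets = []
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 9:
            continue
        sockets.append(PacketSocket(
            sock_type=int(fields[2]),
            proto=int(fields[3], 16),   # printed as 4 hex digits
            iface_index=int(fields[4]),
            uid=int(fields[7]),
            inode=int(fields[8]),
        ))
    return sockets


def socket_inode_owners(proc_root: str = "/proc") -> Dict[int, Tuple[int, str]]:
    """Map socket inode -> (pid, comm) by reading /proc/<pid>/fd/* links.

    Needs root to see every process's descriptors; unreadable pids are skipped.
    """
    owners: Dict[int, Tuple[int, str]] = {}
    for pid in os.listdir(proc_root):
        if not pid.isdigit():
            continue
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:          # process exited or insufficient privilege
            continue
        try:
            with open(os.path.join(proc_root, pid, "comm")) as f:
                comm = f.read().strip()
        except OSError:
            comm = "?"
        for fd in fds:
            try:
                target = os.readlink(os.path.join(fd_dir, fd))
            except OSError:
                continue
            m = re.fullmatch(r"socket:\[(\d+)\]", target)
            if m:
                owners[int(m.group(1))] = (int(pid), comm)
    return owners


def suspicious_packet_sockets(
    sockets: List[PacketSocket],
    owners: Dict[int, Tuple[int, str]],
    allowlist: FrozenSet[str] = frozenset({"tcpdump", "dhclient", "dhcpcd"}),
) -> List[Tuple[Optional[int], str, int]]:
    """Flag raw, all-protocol packet sockets not held by an allowlisted tool.

    Sockets whose inode cannot be mapped to a process are reported too, since
    an unmapped socket is exactly what deserves a second look.
    """
    findings = []
    for s in sockets:
        if s.sock_type != SOCK_RAW or s.proto != ETH_P_ALL:
            continue
        pid, comm = owners.get(s.inode, (None, "<unmapped>"))
        if comm in allowlist:
            continue
        findings.append((pid, comm, s.inode))
    return findings


# Constructed sample data: a legitimate tcpdump socket, an unexplained raw
# socket held by a process named "svc-helper" (made-up name), and a
# SOCK_DGRAM IP-only socket that the heuristic should ignore.
SAMPLE_PROC_NET_PACKET = """\
sk               RefCnt Type Proto  Iface R Rmem   User   Inode
0000000000000000 3      3    0003   2     1 0      0      40011
0000000000000000 3      3    0003   2     1 0      0      40022
0000000000000000 3      2    0800   2     1 0      0      40033
"""
SAMPLE_OWNERS = {40011: (812, "tcpdump"), 40022: (4123, "svc-helper")}


if __name__ == "__main__":
    # Run against the live system when executed as a script.
    try:
        with open("/proc/net/packet") as f:
            live = parse_proc_net_packet(f.read())
        for pid, comm, inode in suspicious_packet_sockets(live, socket_inode_owners()):
            print(f"raw packet socket inode={inode} pid={pid} comm={comm}")
    except OSError as exc:
        print(f"cannot read /proc: {exc}")
```

The check is a triage heuristic, not a verdict: /proc/net/packet does not say whether a classic BPF filter is attached, so every capture tool, DHCP client and LLDP agent on the host will surface here and belongs in the allowlist once reviewed, and the mapping step must run as root to see other users' descriptors. A raw all-protocol socket owned by a process with no business capturing traffic, or one that cannot be mapped to any process at all, is the finding worth escalating.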
Read at The Hacker News