
"The persistent tools were deployed as part of apparent discreet breaches that are characterized by recurring elements, suggesting an ongoing operation aimed at embedding stealthy access mechanisms deep inside telecom and critical environments for extended access."
"Together, these components form a persistent access layer designed not simply to breach networks, but to inhabit them, highlighting the sophistication and intent behind the cyber intrusions."
"One of the central pieces of the campaign is BPFdoor, a stealthy Linux backdoor that was publicly detailed in 2021, which uses Berkeley Packet Filter functionality for packet inspection within the kernel."
A state-sponsored threat actor linked to China has infiltrated telecommunication backbone infrastructure worldwide using kernel implants and passive backdoors. These stealthy tools are designed for high-level espionage, targeting government networks and critical environments. The operation involves discreet breaches characterized by recurring elements, indicating a long-term strategy for persistent access. Key components include BPFdoor, a Linux backdoor, and frameworks like CrossC2 and TinyShell, which facilitate command execution and lateral movement within compromised networks.
Read at SecurityWeek