Malware | Mar 27, 2026
China Upgrades the Backdoor It Uses to Spy on Telcos Globally
Chinese APT Red Menshen upgrades BPFdoor malware targeting telecommunications infrastructure globally.
Summary
Chinese state-sponsored APT group Red Menshen has upgraded its sophisticated BPFdoor backdoor malware, which uses eBPF (extended Berkeley Packet Filter) to evade traditional detection and security controls. The malware is specifically designed to target telecommunications providers worldwide, enabling persistent espionage and command-and-control access. Organizations have limited mitigation options beyond active threat hunting and detection of the malware's artifacts.
Indicators of Compromise
- malware — BPFdoor