China-Linked Hackers Plant Stealth Malware in Global Telecom Networks

A China-linked state-sponsored hacking group has embedded highly stealthy malware deep within global telecom infrastructure, according to a report by cybersecurity firm Rapid7. The attackers use advanced tools like kernel-level implants and the Linux-based backdoor BPFdoor, which remains dormant until activated by a hidden signal in data packets. They gained access by exploiting vulnerabilities in systems from major companies like Cisco, Fortinet, and VMware, targeting both traditional and modern cloud-based environments. The operation's goal is to establish a long-term foothold for espionage, potentially allowing surveillance of government communications and critical networks.

Key Points: China Hackers Plant Stealth Malware in Telecom Networks

  • Kernel-level implants used
  • Exploited Cisco, Fortinet, VMware flaws
  • BPFdoor malware hides in network traffic
  • Targets telecom & cloud infrastructure
  • Aims for long-term espionage

China-linked hackers plant stealth malware deep in global telecom networks: Report

Report reveals China-linked hackers implanted stealth malware in global telecom infrastructure for long-term cyber espionage and surveillance.


New Delhi, March 27

A China-linked state-sponsored hacking group has been found embedding highly stealthy malware deep inside global telecom infrastructure, raising concerns of long-term cyber espionage, a report has said.

Data from cybersecurity firm Rapid7 showed that the attackers have deployed advanced tools such as kernel-level implants and passive backdoors designed to stay hidden inside networks for long periods.

These tools act like "digital sleeper cells", allowing hackers to quietly monitor systems and maintain access without being detected.

Although the activity has not been officially linked to any known advanced persistent threat (APT) group, experts believe the operation is aimed at high-level espionage, including potential surveillance of government and critical communication networks.

Rapid7's investigation found that the attackers used a combination of techniques to gain and maintain access.

They exploited vulnerabilities in widely used systems from companies like Cisco, Fortinet, VMware, Palo Alto Networks and Ivanti, along with web platforms such as Apache Struts, to break into networks.

One of the key tools used in the campaign is a Linux-based backdoor known as BPFdoor.

This malware operates inside the system's kernel and remains inactive while monitoring network traffic.

It only activates when it detects a specific hidden signal within data packets, making it extremely difficult to detect, the report said.
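The passive, traffic-watching behaviour described above suggests one basic hunt a defender can run: on Linux, a process can only see every packet this way by holding an AF_PACKET raw socket, which the kernel lists in /proc/net/packet. The script below is an added example (not code from the Rapid7 report or the article) that parses that table and the /proc/<pid>/fd links to name the processes holding such sockets; its sample data is constructed.

```python
import os
import re
from typing import Dict, List

# Constructed /proc/net/packet sample: a DHCP client's SOCK_DGRAM socket on
# one interface, plus a SOCK_RAW socket for ETH_P_ALL (0003) on all interfaces.
SAMPLE_PROC_NET_PACKET = """\
sk       RefCnt Type Proto  Iface R Rmem   User   Inode
ffff8881 3      2    0800   2     1 0      0      21001
ffff8882 3      3    0003   0     1 0      0      21002
"""
# Constructed readlink() results for /proc/<pid>/fd/* (pid -> link targets).
SAMPLE_FD_TARGETS = {812: ["/dev/null", "socket:[21001]", "pipe:[300]"],
                     4410: ["/dev/null", "socket:[21002]", "socket:[21003]"]}

def parse_proc_net_packet(text: str) -> Dict[int, dict]:
    """Map each AF_PACKET socket inode to its Type, Proto and Iface fields."""
    sockets = {}
    for line in text.splitlines()[1:]:                 # skip the header row
        f = line.split()
        if len(f) >= 9:
            sockets[int(f[8])] = {"type": int(f[2]), "proto": f[3], "iface": int(f[4])}
    return sockets

def match_sockets_to_pids(fd_targets: Dict[int, List[str]],
                          sockets: Dict[int, dict]) -> Dict[int, List[int]]:
    """Return pid -> inodes of the packet sockets that process holds open."""
    hits: Dict[int, List[int]] = {}
    for pid, targets in fd_targets.items():
        for t in targets:
            m = re.fullmatch(r"socket:\[(\d+)\]", t)
            if m and int(m.group(1)) in sockets:
                hits.setdefault(pid, []).append(int(m.group(1)))
    return hits

def flag_promiscuous_raw(sockets: Dict[int, dict], hits: Dict[int, List[int]]) -> List[int]:
    """PIDs holding SOCK_RAW (type 3), ETH_P_ALL (0003) sockets not bound to any
    interface (iface 0): the setup a passive, traffic-watching backdoor needs."""
    return sorted(pid for pid, inodes in hits.items()
                  if any(sockets[i]["type"] == 3 and sockets[i]["proto"] == "0003"
                         and sockets[i]["iface"] == 0 for i in inodes))

def read_live_fd_targets() -> Dict[int, List[str]]:
    """Walk a real /proc (Linux; run as root to see every process's fds)."""
    out: Dict[int, List[str]] = {}
    for pid in (int(p) for p in os.listdir("/proc") if p.isdigit()):
        try:
            fd_dir = f"/proc/{pid}/fd"
            out[pid] = [os.readlink(f"{fd_dir}/{fd}") for fd in os.listdir(fd_dir)]
        except OSError:                                 # exited or not permitted
            continue
    return out
```

On a live host, feed `flag_promiscuous_raw` with `parse_proc_net_packet(open("/proc/net/packet").read())` and `read_live_fd_targets()`. Legitimate capture tools and monitoring agents also hold packet sockets, so a hit is a lead to triage, not a verdict.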

Once inside, the attackers deploy additional tools like credential harvesters, keyloggers and remote command frameworks to move across systems and maintain control.

They also use passive backdoors such as TinyShell to ensure continued access, even if some parts of the attack are discovered.

Rapid7 warned that the goal of the operation is not just to hack individual systems but to gain a foothold in the core infrastructure that powers telecom networks.

This includes both traditional systems and modern cloud-based environments like Kubernetes, which are widely used in telecom operations.

The report highlights that newer versions of the malware are even more advanced, hiding their signals inside normal-looking encrypted web traffic and using multiple techniques to bypass security layers.

Cybersecurity experts said such campaigns are particularly dangerous because they target the backbone of communication systems, allowing attackers to potentially monitor data flows, disrupt services, or prepare for future cyber operations.

- IANS


Reader Comments

Priya S
"Digital sleeper cells" is such an apt and terrifying description. It's like having a spy in your home who only wakes up when given a secret signal. Our cybersecurity agencies must be on high alert.
Rohit P
We rely so heavily on foreign tech (Cisco, VMware etc.). Time to seriously invest in and promote indigenous cybersecurity solutions and hardware. Atmanirbhar Bharat is not just a slogan, it's a security necessity.
Michael C
Working in IT in Bangalore, this hits close to home. Many Indian companies use these exact systems. The report mentions Kubernetes too, which is everywhere now. Regular patching and zero-trust architecture are no longer optional.
Shreya B
While the threat is real, I hope we don't see knee-jerk reactions or blanket bans that hurt business. The focus should be on building robust detection and resilient systems, not just pointing fingers. Collaboration between govt and private sector is key.
Vikram M
This isn't just about stealing data. Imagine the chaos if our communication networks were disrupted during a crisis. This is a national security issue of the highest order. Our agencies like CERT-In need all the resources they can get.
