China-Linked Hackers Embed Stealthy Malware in Global Telecom Networks, Raising Espionage Fears
New Delhi, March 27 (NationPress) A state-sponsored hacking group with ties to China has been discovered implanting highly covert malware within global telecom infrastructures, stirring concerns about prolonged cyber espionage, according to a recent report.
The findings from the cybersecurity firm Rapid7 indicate that the attackers have utilized sophisticated tools like kernel-level implants and passive backdoors specifically designed to evade detection for extended durations.
These tools function like “digital sleeper cells,” enabling hackers to discreetly observe systems and retain access without being noticed.
While there is no official connection to any recognized advanced persistent threat (APT) group, experts suspect that the operation targets high-profile espionage, including potential surveillance of governmental and critical communication networks.
The investigation by Rapid7 revealed that the attackers employed a blend of strategies to infiltrate and maintain their presence.
They took advantage of vulnerabilities in widely used software from companies like Cisco, Fortinet, VMware, Palo Alto Networks, and Ivanti, along with web platforms such as Apache Struts, to breach networks.
A notable tool in this operation is a Linux-based backdoor known as BPFdoor.
This malware operates within the system’s kernel and remains dormant while tracking network traffic.
It activates only upon detecting a specific hidden signal within data packets, which makes it exceptionally hard to identify, the report said.
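A passive implant of this kind has to hold a packet-capture socket open while it waits for its trigger, and on Linux every such socket is listed in /proc/net/packet. The script below is an added defender-side hunting example written for this article, not code from Rapid7, the report or the malware; it assumes (documented BPFdoor behaviour, not stated in the article) that the implant listens on an AF_PACKET raw socket, and it maps each raw socket back to its owning process via the /proc/<pid>/fd symlinks. The sample /proc/net/packet contents are constructed.

```python
"""Hunt for raw packet sockets (BPFdoor-style passive listeners) on Linux."""
import os
import re
from typing import Dict, List, Tuple

# Constructed sample of /proc/net/packet.
# Columns: sk RefCnt Type Proto Iface R Rmem User Inode
SAMPLE_PROC_NET_PACKET = """\
sk               RefCnt Type Proto  Iface R Rmem   User   Inode
ffff8a0c1c2d3e40 3      3    0003   2     1 0      0      41337
ffff8a0c1c2d3e41 2      2    0800   0     1 0      0      41338
"""

SOCK_RAW = 3  # Type column: 3 = SOCK_RAW (full-frame sniffing), 2 = SOCK_DGRAM


def parse_packet_sockets(text: str) -> List[Tuple[int, int, str]]:
    """Return (inode, socket_type, proto_hex) for each AF_PACKET socket listed."""
    rows = []
    for line in text.splitlines()[1:]:  # first line is the column header
        cols = line.split()
        if len(cols) >= 9:
            rows.append((int(cols[8]), int(cols[2]), cols[3]))
    return rows


def map_inodes_to_pids(fd_links: Dict[int, List[str]]) -> Dict[int, List[int]]:
    """fd_links: pid -> readlink() targets of its fds. Returns socket inode -> pids."""
    owners: Dict[int, List[int]] = {}
    for pid, targets in fd_links.items():
        for target in targets:
            m = re.fullmatch(r"socket:\[(\d+)\]", target)
            if m:
                owners.setdefault(int(m.group(1)), []).append(pid)
    return owners


def find_raw_socket_holders(packet_text: str, fd_links: Dict[int, List[str]]) -> Dict[int, List[int]]:
    """Inode -> owning pids, restricted to SOCK_RAW packet sockets."""
    owners = map_inodes_to_pids(fd_links)
    return {inode: owners.get(inode, [])
            for inode, stype, _proto in parse_packet_sockets(packet_text)
            if stype == SOCK_RAW}


def read_live_fd_links() -> Dict[int, List[str]]:
    """Collect /proc/<pid>/fd symlink targets (root needed to see other users' fds)."""
    result: Dict[int, List[str]] = {}
    for pid in (p for p in os.listdir("/proc") if p.isdigit()):
        fd_dir = f"/proc/{pid}/fd"
        try:
            result[int(pid)] = [os.readlink(f"{fd_dir}/{fd}") for fd in os.listdir(fd_dir)]
        except OSError:
            continue  # process exited or not ours to inspect
    return result


if __name__ == "__main__":
    with open("/proc/net/packet") as fh:
        for inode, pids in find_raw_socket_holders(fh.read(), read_live_fd_links()).items():
            for pid in pids:
                with open(f"/proc/{pid}/comm") as c:
                    print(f"raw packet socket inode={inode} pid={pid} comm={c.read().strip()}")
```

Legitimate tools such as tcpdump or DHCP clients also hold raw packet sockets, so treat the output as a triage list: a holder running from an unexpected path, with no capture tool installed, is what merits a closer look.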
Once the attackers gain entry, they deploy further tools like credential harvesters, keyloggers, and remote command frameworks to navigate through systems and retain control.
They also implement passive backdoors like TinyShell to ensure ongoing access, even if parts of the attack are uncovered.
Rapid7 cautioned that the intention behind this operation is not merely to compromise individual systems but to establish a foothold in the essential infrastructure that underpins telecom networks.
This encompasses both traditional systems and contemporary cloud-based environments such as Kubernetes, which are extensively utilized in telecom sectors.
The report emphasizes that newer iterations of the malware are even more sophisticated, concealing their signals within seemingly ordinary encrypted web traffic and employing multiple strategies to circumvent security measures.
Cybersecurity experts warn that such operations are particularly perilous as they target the backbone of communication systems, allowing attackers to potentially monitor data flows, disrupt services, or lay the groundwork for future cyber assaults.