Threat actors in China have been operating a cutting-edge backdoor called "BPFdoor." Even before its latest update, BPFdoor was already one of the most advanced malware implants in the world.

"We have confirmed victims in the Asia-Pacific (APAC) and in Europe," Rapid7's Christiaan Beek tells ZeroOwl. This is in addition to known targets in the Middle East and Africa. Beek says the Chinese threat actors are using our firewalls against us and letting the traffic through. "I dare say this is definitely global," he adds.

"We also now have confirmation from [victimized] government networks, critical infrastructure networks, and defense networks," he says. "They know exactly where their next implant in the network is, and they could actually send a command specifically [to any implant] in the traffic." Red Menshen's attacks are known for being very careful and for reflecting detailed knowledge of the targets' infrastructure.

BPFdoor hides itself by using real service names and process behaviors that are common on HPE ProLiant servers or Kubernetes. "Honestly, when I talked to different telcos, they didn't know much about this threat or what it meant," Beek says. "I think the bigger question here is: are you really ready for these threats? Of course, the first step in that process is knowing that it exists."

It's strange that the malware isn't as well known as it should be, given that it has been around for a few years. It operates a level above what most cybersecurity tools can find and stop. Beek's advice is that operators should go out and hunt for it themselves.
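Beek's point that operators have to go looking for an implant that hides behind real service names suggests a simple hunting check defenders can run on their own Linux hosts. The script below is an added example written for this article, not Rapid7's or BPFdoor's code, and it assumes a generic masquerading pattern (the name a process displays does not match the binary actually executing, or that binary has been deleted from disk); it does not encode any BPFdoor-specific indicator. The sample process table is constructed for the demonstration; the `snapshot_proc` helper reads a live `/proc` when run on Linux.

```python
import os
from dataclasses import dataclass


@dataclass
class ProcInfo:
    pid: int
    comm: str      # /proc/<pid>/comm: the short name shown by ps/top
    cmdline: str   # /proc/<pid>/cmdline with NULs replaced by spaces
    exe: str       # resolved /proc/<pid>/exe link (may end in " (deleted)")


def find_masquerading(procs):
    """Return [(pid, [reasons])] for processes whose visible name does not
    match the executable behind them, or whose executable was unlinked.
    Generic hunting heuristic (an assumption of this example), not a
    signature for any particular implant."""
    findings = []
    for p in procs:
        if not p.exe:
            continue  # kernel threads and unreadable entries have no exe
        deleted = p.exe.endswith(" (deleted)")
        exe_path = p.exe[: -len(" (deleted)")] if deleted else p.exe
        exe_name = os.path.basename(exe_path)
        argv = p.cmdline.split()
        argv0 = os.path.basename(argv[0]) if argv else ""
        # The kernel truncates comm to 15 bytes and shells rewrite argv0
        # (e.g. "-bash"), so accept a prefix match in either direction.
        names_match = any(
            exe_name.startswith(n) or n.startswith(exe_name)
            for n in (p.comm, argv0) if n
        )
        reasons = []
        if not names_match:
            reasons.append("name-mismatch")
        if deleted:
            reasons.append("binary-deleted")
        if reasons:
            findings.append((p.pid, reasons))
    return findings


def snapshot_proc(root="/proc"):
    """Read the live process table on Linux. Run as root to see all pids."""
    procs = []
    for entry in os.listdir(root):
        if not entry.isdigit():
            continue
        base = os.path.join(root, entry)
        try:
            with open(os.path.join(base, "comm")) as f:
                comm = f.read().strip()
            with open(os.path.join(base, "cmdline"), "rb") as f:
                cmdline = f.read().replace(b"\0", b" ").decode(errors="replace").strip()
            exe = os.readlink(os.path.join(base, "exe"))
        except OSError:
            continue  # process exited, kernel thread, or permission denied
        procs.append(ProcInfo(int(entry), comm, cmdline, exe))
    return procs


# Constructed sample: four ordinary daemons plus one process that presents
# itself as dbus-daemon while executing an unlinked binary from /tmp.
SAMPLE_PROCS = [
    ProcInfo(412, "sshd", "/usr/sbin/sshd -D", "/usr/sbin/sshd"),
    ProcInfo(913, "kube-proxy",
             "/usr/local/bin/kube-proxy --config=/var/lib/kube-proxy/config.conf",
             "/usr/local/bin/kube-proxy"),
    ProcInfo(1337, "dbus-daemon", "/usr/bin/dbus-daemon --system",
             "/tmp/example-implant (deleted)"),
    ProcInfo(2048, "bash", "-bash", "/usr/bin/bash"),
    ProcInfo(3001, "python3", "python3 /opt/app/worker.py", "/usr/bin/python3.11"),
]


if __name__ == "__main__":
    for pid, reasons in find_masquerading(SAMPLE_PROCS):
        print(f"pid {pid}: {', '.join(reasons)}")
    if os.path.isdir("/proc"):
        for pid, reasons in find_masquerading(snapshot_proc()):
            print(f"live pid {pid}: {', '.join(reasons)}")
```

The prefix comparison keeps the check quiet on normal hosts (interpreters such as `python3.11` launched as `python3`, login shells with a leading dash) while still surfacing a process whose displayed name has nothing in common with the binary it runs. Treat hits as leads for a closer look at the process's open sockets and parent, not as a verdict on their own.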