Rapid7 Reports State-Sponsored Espionage in Global Telecoms
Severity: High (Score: 77.9)
Sources: Globenewswire, Markets.Businessinsider, Stocktitan, Cybermagazine
Summary
Rapid7 Labs has identified a sustained espionage campaign by a China-nexus threat actor, Red Menshen, targeting global telecommunications infrastructure. The research, titled 'Sleeper Cells in the Telecom Backbone,' reveals long-term access that poses a national security concern because of the potential for intelligence collection on entire populations. Key techniques include kernel-level backdoors and the abuse of encrypted HTTPS traffic to blend in with legitimate communications. Rapid7 has released a free, open-source scanning script to help organizations detect potential compromises. The findings point to critical visibility gaps in detection capabilities and emphasize the need for preemptive detection strategies. Rapid7 is actively working with affected organizations to mitigate risks. The research was presented at the RSAC 2026 Conference on March 26, 2026.

Key Points:
- A China-nexus threat actor, Red Menshen, has gained covert access to global telecom infrastructure.
- The espionage campaign poses significant risks to national security and critical systems.
- Rapid7 has released a scanning tool to help organizations detect potential compromises.
Key Entities
- Red Menshen (apt_group)
- Espionage (attack_type)
- Malware (attack_type)
- Sleeper Cells In The Telecom Backbone (campaign)
- Telecommunications (industry)
- BPFDoor (malware)
- T1036 - Masquerading (mitre_attack)