Rapid7 Reports State-Sponsored Espionage in Global Telecoms

Rapid7 Reports State-Sponsored Espionage in Global Telecoms

First seen 26 Mar 2026, 13:46 UTC GlobenewswireStocktitanMarkets.BusinessinsiderCybermagazine 78% similarity 77.9

Article Content

Browse articles
ThreatCluster

Rapid7 Labs has identified a sustained espionage campaign by a China-nexus threat actor, Red Menshen, targeting global telecommunications infrastructure. The research, titled 'Sleeper Cells in the Telecom Backbone,' reveals long-term access that poses a national security concern due to the potential for intelligence collection on entire populations. Key vulnerabilities include kernel-level backdoors and the abuse of encrypted HTTPS traffic. Rapid7 has released a free, open-source scanning script to help organizations detect potential compromises. The findings indicate critical visibility gaps in detection capabilities, emphasizing the need for preemptive detection strategies. Rapid7 is actively working with affected organizations to mitigate risks. The research was presented at the RSAC 2026 Conference on March 26, 2026.

Key Points: • A China-nexus threat actor, Red Menshen, has gained covert access to global telecom infrastructure. • The espionage campaign poses significant risks to national security and critical systems. • Rapid7 has released a scanning tool to help organizations detect potential compromises.

ThreatCluster AI

Timeline

2026-03-18
Global Threat Landscape Report released by Rapid7
2026-03-19
Rapid7 announces new cloud security capabilities
2026-03-26
Research findings presented at RSAC 2026 Conference
2026-03-26
Rapid7 releases open-source scanning script

Community

Browse all →