Bleepingcomputer
Showboat Malware Targets Telecoms in China-Aligned Cyber Espionage Campaign
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A new Linux malware family named Showboat has been discovered, targeting telecommunications firms primarily in the Middle East and Central Asia since mid-2022. Researchers from Lumen's Black Lotus Labs and PwC identified Showboat as part of a campaign linked to the China-based threat actor Red Lamassu (Calypso). The malware operates as a post-exploitation framework, allowing attackers to maintain persistence, conduct file transfers, and act as a SOCKS5 proxy. It has been associated with multiple command-and-control nodes in Chengdu, China. The malware's stealthy nature is underscored by its ability to conceal its processes and retrieve code from external sources. Victims include telecommunications providers in Afghanistan, Kazakhstan, and potentially the U.S. and Ukraine. The campaign highlights the ongoing risk posed by state-aligned actors leveraging shared tools for espionage.
Key Points: • Showboat malware targets telecom firms in the Middle East and Central Asia since mid-2022. • Linked to the China-based threat actor Red Lamassu, also known as Calypso. • Malware features include SOCKS5 proxy functionality and process concealment.