BPFDoor is a malware family tracked across 11 threat clusters and 26 intelligence report mentions on ThreatCluster. First observed November 6, 2025; most recent activity May 21, 2026.
A China-linked threat actor known as Red Menshen has been conducting a long-term espionage campaign targeting global telecommunications networks using a stealthy Linux kernel backdoor called BPFdoor. This malware…
Rapid7 Labs has identified a sustained espionage campaign by a China-nexus threat actor, Red Menshen, targeting global telecommunications infrastructure. The research, titled 'Sleeper Cells in the Telecom Backbone,'…
A new Linux malware family named Showboat has been discovered, targeting telecommunications firms primarily in the Middle East and Central Asia since mid-2022. Researchers from Lumen's Black Lotus Labs and PwC…
In 2026, global cybersecurity spending is projected to reach $244 billion, driven by tighter regulations and the emergence of AI-driven vulnerabilities. The U.S. Intelligence Community's 2026 Annual Threat Assessment…
Seven new variants of the BPFDoor malware have been identified, enhancing stealth in compromising major telecommunication networks. These variants utilize stateless command-and-control (C2) routing and employ techniques…
BPFDoor and Symbiote rootkits are exploiting vulnerabilities in eBPF filters to compromise Linux systems. These advanced threats are designed to evade detection and have raised alarms in the cybersecurity community.…
KT Corp., South Korea's second-largest mobile carrier, concealed malware infections on 43 servers from March to July 2024. A government-led investigation revealed that the company failed to report these security…
Five individuals have pleaded guilty to facilitating North Korean operatives in obtaining remote IT jobs at U.S. companies by using false and stolen identities. The U.S. Department of Justice has also seized $15 million…
The Ministry of Science and ICT announced the findings of a public-private investigation into a breach at KT. Out of 33,000 servers inspected, 94 were infected with 103 types of malware, including BPFDoor and Rootkit,…
KT Corp., South Korea's second-largest mobile carrier, concealed malware infections on 43 servers between March and July 2024. A government-led investigation revealed that the company failed to report these security…