Chinese APT Red Menshen Deploys Upgraded BPFdoor Backdoor Targeting Global Telecom Operators
What Happened — Chinese state‑sponsored threat group Red Menshen has released an upgraded version of its BPFdoor malware, a low‑level backdoor that can infiltrate telecom network equipment and remain hidden from traditional antivirus and IDS solutions. The new variant is engineered for long‑term espionage and can exfiltrate call metadata, subscriber credentials, and any payload that traverses the carrier’s infrastructure.
Why It Matters for TPRM —
- Telecom carriers are a critical conduit for data exchanged between countless third‑party vendors and their customers.
- An undetected backdoor in a carrier’s core network can expose traffic from multiple downstream partners, creating a supply‑chain risk cascade.
- Many organizations lack direct visibility into carrier‑level security controls, so network‑level threat hunting needs to be built into third‑party risk programs rather than assumed.
Who Is Affected — Telecommunications operators worldwide, network service providers, and any enterprise or SaaS vendor that routes traffic through these carriers.
Recommended Actions —
- Review contractual security clauses for network‑level threat detection.
- Demand evidence of active hunting for advanced backdoors.
- Deploy deep‑packet inspection and anomaly‑based monitoring on inbound/outbound traffic.
- Segment critical workloads to limit exposure to compromised carrier paths.
Technical Notes — Attack vector: custom BPFdoor malware delivered via compromised network equipment or supply‑chain insertion; evades signature‑based defenses through kernel‑level hooks. Data at risk includes call detail records, subscriber authentication tokens, and any application data traversing the telco backbone. Source: https://www.darkreading.com/threat-intelligence/china-upgrades-backdoor-spy-telcos
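As an added defensive example (not code from this brief or from the Dark Reading source), the hunt below lists raw AF_PACKET sockets from /proc/net/packet and maps each back to its owning process, which is one concrete form of the "active hunting for advanced backdoors" recommended above. It assumes, from public BPFdoor analyses rather than from this page, that the backdoor listens on such a raw socket with a BPF filter instead of an open TCP/UDP port, so it is absent from `ss`/`netstat` port listings; the /proc table it parses is a constructed sample.

```python
"""Hunt for raw AF_PACKET sockets on a Linux host (runs offline on sample data)."""
import os

SOCK_RAW = 3   # /proc/net/packet "Type" column: 3 == SOCK_RAW, 2 == SOCK_DGRAM

# Constructed sample of /proc/net/packet (column layout follows the kernel's
# packet_seq_show): a DGRAM socket like a DHCP client, and a RAW socket bound
# to ETH_P_ALL (Proto 0003), the shape a BPFdoor-style listener uses (assumed).
SAMPLE_PROC_NET_PACKET = """\
sk       RefCnt Type Proto  Iface R Rmem   User   Inode
ffff9a0a6b4a3000 3      2    0800   2     1 0      0      20481
ffff9a0a6b4a3800 3      3    0003   2     1 0      0      31337
"""

def parse_packet_sockets(text):
    """Return one dict per socket listed in /proc/net/packet text."""
    rows = []
    for line in text.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 9:
            continue
        rows.append({"type": int(f[2]), "proto": int(f[3], 16),
                     "iface": int(f[4]), "uid": int(f[7]), "inode": int(f[8])})
    return rows

def raw_socket_inodes(rows):
    """Inodes of SOCK_RAW packet sockets, which never appear in port listings."""
    return [r["inode"] for r in rows if r["type"] == SOCK_RAW]

def pids_holding_inode(inode, proc_root="/proc"):
    """Map a socket inode back to owning PIDs by scanning /proc/<pid>/fd links."""
    target = "socket:[%d]" % inode
    owners = []
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            names = os.listdir(fd_dir)
        except OSError:                         # exited or permission denied
            continue
        for fd in names:
            try:
                if os.readlink(os.path.join(fd_dir, fd)) == target:
                    owners.append(int(pid))
                    break
            except OSError:
                continue
    return owners
```

On a live host (as root, so every /proc/<pid>/fd is readable) run `raw_socket_inodes(parse_packet_sockets(open("/proc/net/packet").read()))` and then `pids_holding_inode(...)` for each hit; any owner that is not a known packet‑capture tool (tcpdump, a DHCP client, an EDR sensor) deserves a closer look at its binary path and command line.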