A China-linked state-backed hacking group has been found placing highly stealthy malware deep inside telecom networks around the world, raising serious concerns about long-term cyber espionage, according to a report.

Cybersecurity firm Rapid7 said the attackers are using advanced tools such as kernel-level implants and hidden backdoors that can stay inside systems for a long time without being noticed.

These tools behave like digital sleeper cells. They quietly watch network activity and keep access open while avoiding detection.

Although the operation has not been officially tied to any known advanced persistent threat group, experts believe it is aimed at high-level spying, including monitoring government systems and critical communication networks.

Rapid7 found that the attackers used multiple methods to break into networks and stay inside them. They exploited weaknesses in widely used systems from companies such as Cisco, Fortinet, VMware, Palo Alto Networks, and Ivanti. They also targeted web platforms like Apache Struts.

One of the main tools used is a Linux-based backdoor called BPFdoor. This malware runs inside the system kernel and stays inactive while observing network traffic. It only becomes active when it detects a special hidden signal in data packets, making it extremely hard to find.

After gaining access, the attackers install more tools like credential stealers, keyloggers, and remote command systems to move across networks and maintain control.

They also use passive backdoors such as TinyShell to keep access even if part of the attack is discovered.
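Because BPFdoor sits passively on a packet-level socket and wakes only on a signal inside the traffic, on the host it shows up as a process holding an AF_PACKET socket rather than as a listening port, so enumerating which processes own such sockets is one defender-side check. This is an added example, not code from Rapid7's report; the sample /proc/net/packet contents, the allowlist of expected sniffers and the process names used in the test are constructed assumptions.

```python
import os
import re
from dataclasses import dataclass
# Constructed sample of /proc/net/packet so the parser can be exercised offline.
SAMPLE_PROC_NET_PACKET = """\
sk       RefCnt Type Proto  Iface R Rmem   User   Inode
ffff9a1c0b3e4000 3      3    0800   2     1 0      0      41233
ffff9a1c0b3e8000 3      3    0003   0     1 0      0      38711
"""
# Assumed allowlist of daemons that legitimately hold packet sockets; tune it per fleet.
EXPECTED_SNIFFERS = frozenset({"dhclient", "NetworkManager", "tcpdump"})

@dataclass(frozen=True)
class PacketSocket:
    proto: int  # EtherType received: 0x0800 = IPv4 only, 0x0003 (ETH_P_ALL) = every frame
    iface: int  # interface index; 0 means the socket sees all interfaces
    inode: int  # socket inode, the key that ties it back to an owning process

def parse_proc_net_packet(text: str) -> list[PacketSocket]:
    """Parse /proc/net/packet: a header, then 'sk RefCnt Type Proto Iface R Rmem User Inode' rows."""
    rows = (line.split() for line in text.splitlines()[1:])
    return [PacketSocket(int(f[3], 16), int(f[4]), int(f[8])) for f in rows if len(f) == 9]

def socket_owners(proc_root: str = "/proc") -> dict[int, set[str]]:
    """Map socket inode -> {'pid:comm', ...} by resolving every /proc/<pid>/fd symlink."""
    owners: dict[int, set[str]] = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            with open(os.path.join(proc_root, pid, "comm")) as fh:
                comm = fh.read().strip()
            links = [os.readlink(os.path.join(fd_dir, fd)) for fd in os.listdir(fd_dir)]
        except OSError:  # process exited mid-walk, or fd table unreadable without root
            continue
        for match in filter(None, (re.fullmatch(r"socket:\[(\d+)\]", t) for t in links)):
            owners.setdefault(int(match.group(1)), set()).add(f"{pid}:{comm}")
    return owners

def unexpected_sniffers(sockets, owners, expected=EXPECTED_SNIFFERS):
    """Return (socket, owners) pairs for packet sockets held by no visible process or by an unexpected one."""
    findings = []
    for sock in sockets:
        names = owners.get(sock.inode, set())
        if not names or any(name.split(":", 1)[1] not in expected for name in names):
            findings.append((sock, sorted(names)))
    return findings

if __name__ == "__main__":  # live run; root is needed to read other users' fd tables
    with open("/proc/net/packet") as fh:
        for sock, who in unexpected_sniffers(parse_proc_net_packet(fh.read()), socket_owners()):
            print(f"inode={sock.inode} proto=0x{sock.proto:04x} iface={sock.iface} owners={who or 'unknown'}")
```

Pair the output with `ss -0pb`, which prints the BPF filter program attached to each packet socket, so a flagged socket's filter can be inspected directly.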

Rapid7 warned that the goal is not just to hack single systems but to take control of the core infrastructure that powers telecom networks. This includes both traditional systems and cloud environments like Kubernetes, which are widely used in telecom operations.

The report also noted that newer versions of the malware are more advanced. They hide their signals inside normal encrypted web traffic and use several techniques to bypass security systems.

Experts say these attacks are especially dangerous because they target the backbone of communication networks. This could allow hackers to monitor data, disrupt services, or prepare for future cyber operations.