Chinese Hackers Caught Deep Within Telecom Backbone Infrastructure

A China-linked state-sponsored threat actor has deployed kernel implants and passive backdoors deep within telecommunication backbone infrastructure worldwide for long-term persistence, Rapid7 reports.

The stealth digital sleeper cells have not been attributed to any known APT but are meant for high-level espionage, including against government networks, the cybersecurity firm says.

The persistent tools were deployed as part of apparent discreet breaches that are characterized by recurring elements, suggesting an ongoing operation aimed at “embedding stealthy access mechanisms deep inside telecom and critical environments” for extended access.

As part of its investigation, Rapid7 uncovered passive backdoors and kernel-level implants that have been used in combination with credential harvesters and cross-platform command frameworks.

“Together, these components form a persistent access layer designed not simply to breach networks, but to inhabit them,” the cybersecurity firm warns.

One of the central pieces of the campaign is BPFdoor, a stealthy Linux backdoor that was publicly ...