Cat is bagless - there’s a new version of #BPFDoor https://www.deepinstinct.com/blog/bpfdoor-malware-evolves-stealthy-sniffing-backdoor-ups-its-game
I’ve found it on orgs in Taiwan and Hong Kong so far.
-
Still zero detections on Virustotal (and real world AV and EDR) 🥳
Vendors should aim to have robust detection for this, as it's a real world nation state implant used in a global surveillance operation used for SIGINT for about a decade (including inside and against the US), which still nobody can be arsed to investigate.
-
VirusTotal behaviour search for latest BPFDoor variant (which has been around since last year but nobody noticed again):
(attack_technique:T1027.005 attack_technique:T1027 behaviour_files:/var/run segment:.eh_frame_hdr) NOT attack_technique:T1543.002
-
Trend Micro have spotted more new versions of BPFDoor, great work by them here.
If you run Linux infrastructure and your org has customers in Asia, particularly minority groups of interest to China, I’d suggest investigating.
Also other anti malware vendors need to look at their detection as again it’s basically zero detections except for Trend now.
https://www.trendmicro.com/en_us/research/25/d/bpfdoor-hidden-controller.html
-
Multiple Korean telcos are dealing with BPFDoor incidents
Linux anti malware and EDR performance for BPFDoor detection is still shockingly poor. Orgs in Asia or with customers of interest to China (eg Uyghurs) should hunt forward for this. There’s other hints in the thread.
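One concrete way to start that hunt on a Linux host, as an added example that is not from this thread or from any vendor's tooling: BPFDoor-style implants sniff for their trigger packets through an AF_PACKET socket with a BPF filter attached, so listing every process that owns a packet socket is a cheap first triage pass. The script below parses /proc/net/packet, joins the socket inodes to the owning pids via /proc/<pid>/fd, and sorts "raw, every protocol, every interface" sockets to the top. The function names, the sample /proc/net/packet content, the fd table and the process names are all constructed for the example; on a real host it reads /proc directly (root needed to see other users' fds).

```python
"""Triage helper: list processes holding AF_PACKET sockets on a Linux host.

Legitimate software (tcpdump, dhclient, some monitoring agents) also opens
packet sockets, so the output is a list to review, not a verdict.
"""
import os
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List

SOCK_TYPES = {2: "SOCK_DGRAM", 3: "SOCK_RAW"}
ETH_P_ALL = 0x0003  # "give me every frame" protocol value


@dataclass
class PacketSocket:
    sock_type: str
    proto: int   # link-layer protocol the socket asked for
    iface: int   # interface index, 0 = bound to all interfaces
    inode: int   # socket inode, the join key to /proc/<pid>/fd


def parse_proc_net_packet(text: str) -> List[PacketSocket]:
    """Parse /proc/net/packet ('sk RefCnt Type Proto Iface R Rmem User Inode')."""
    sockets = []
    for line in text.splitlines()[1:]:          # first line is the column header
        fields = line.split()
        if len(fields) < 9:
            continue
        sockets.append(PacketSocket(
            sock_type=SOCK_TYPES.get(int(fields[2]), f"type{fields[2]}"),
            proto=int(fields[3], 16),
            iface=int(fields[4]),
            inode=int(fields[8]),
        ))
    return sockets


def owners_by_inode(fd_table: Dict[int, Iterable[str]]) -> Dict[int, List[int]]:
    """Map socket inode -> owning pids, given {pid: [readlink targets of /proc/pid/fd/*]}."""
    owners: Dict[int, List[int]] = {}
    for pid, targets in fd_table.items():
        for target in targets:
            m = re.fullmatch(r"socket:\[(\d+)\]", target)
            if m:
                owners.setdefault(int(m.group(1)), []).append(pid)
    return owners


def triage(packet_text: str, fd_table: Dict[int, Iterable[str]],
           comm: Dict[int, str]) -> List[dict]:
    """Join packet sockets to processes; sniff-everything raw sockets sort first."""
    owners = owners_by_inode(fd_table)
    rows = []
    for s in parse_proc_net_packet(packet_text):
        # pid -1 = no visible owner: either not enough privilege, or the fd is hidden
        for pid in owners.get(s.inode, [-1]):
            rows.append({"pid": pid, "comm": comm.get(pid, "?"), "type": s.sock_type,
                         "proto": hex(s.proto), "iface": s.iface, "inode": s.inode})
    rows.sort(key=lambda r: (r["type"] != "SOCK_RAW", r["proto"] != hex(ETH_P_ALL), r["pid"]))
    return rows


def live_fd_table():
    """Read the fd tables and comm names of every process on the running host."""
    fd_table, comm = {}, {}
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            fds = [os.readlink(f"/proc/{pid}/fd/{fd}") for fd in os.listdir(f"/proc/{pid}/fd")]
            with open(f"/proc/{pid}/comm") as fh:
                comm[int(pid)] = fh.read().strip()
            fd_table[int(pid)] = fds
        except OSError:
            continue   # process exited, or we lack permission to read it
    return fd_table, comm


# Constructed sample data (not captured from a real host): one ETH_P_ALL raw
# socket on all interfaces owned by an innocuously named process, one tcpdump.
SAMPLE_PACKET = """\
sk               RefCnt Type Proto  Iface R Rmem   User   Inode
ffff8d1c3a9b0000 3      3    0003   0     1 0      0      48213
ffff8d1c3a9b0800 3      3    0003   2     1 0      0      51877
"""
SAMPLE_FDS = {1234: ["/dev/null", "socket:[48213]"], 4321: ["socket:[51877]"]}
SAMPLE_COMM = {1234: "svc-helper", 4321: "tcpdump"}   # constructed names

if __name__ == "__main__":
    if os.path.exists("/proc/net/packet"):
        with open("/proc/net/packet") as fh:
            text = fh.read()
        fds, comm = live_fd_table()
    else:
        text, fds, comm = SAMPLE_PACKET, SAMPLE_FDS, SAMPLE_COMM
    for row in triage(text, fds, comm):
        print(row)
```

Anything that sorts to the top and is not a known capture or network tool deserves a closer look (binary path, parent, start time, whether the name matches the on-disk executable); a packet socket whose inode has no visible owner is worth the same attention, since that is what a hidden or unprivileged view looks like.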
-
Really good research from Rapid7 here, where they’ve found multiple new versions of BPFDoor which do things like listen and backdoor on extremely uncommon 4G and 5G signaling protocols - it strongly suggests BPFDoor has been placed far inside telcos for surveillance.
They provide a tool to check for the new implant - I would strongly suggest telcos look for this on their Linux systems, including call infrastructure.
https://www.rapid7.com/blog/post/tr-bpfdoor-telecom-networks-sleeper-cells-threat-research-report/
-
I don’t know if the US has any effective telco regulation available btw but I’d strongly suggest US telcos are required to investigate and report back findings on this. When I did the OG research on this back in 2021 I found them inside a US telco and US postal services.
-
@GossiTheDog just assume we don't. That's the safest bet.